Password and username parameters have sql injection vulnerability on admin panel. Exploit changes password of admin user.
A directory traversal vulnerability exists in IBM InfoPrint 4247-Z03 Impact Matrix Printer, which allows an attacker to access sensitive files outside of the web root directory. This vulnerability is due to the application not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters. Successful exploitation of this vulnerability could allow an attacker to access sensitive files outside of the web root directory.
Password and username parameters have sql injection vulnerability on admin panel. Also, there isn't any restriction for malicious file uploading in the 'Insert Product' section. This two vulnerabilities occur unauthenticated remote command execution.
This exploit allows an attacker to bypass authentication on a Wordpress website using the Ultimate Addons for Beaver Builder plugin version 1.2.4.1 or lower. The attacker needs to know a valid admin/user email address and the page must have a social media login form embedded. The exploit works by sending a POST request to the admin-ajax.php page with the specified email address and a valid nonce.
The NextVPN Application was installed with insecure file permissions. It was found that all folder and file permissions were incorrectly configured during installation. It was possible to replace the service binary. By replacing NextVPN.exe, update.exe, st.exe, openconnect.exe, Helper64.exe and other files with any executable malicious file, an attacker can gain SYSTEM or Admin privileges.
This exploit is a root exploit for FreeBSD-SA-19:02.fd by Secfault Security. It uses libmap.conf primitive inspired by kcope's 2005 exploit for Qpopper. It creates a socketpair and opens two files with the same name. It then creates 400 threads and each thread sends and receives messages from the socketpair. This causes a race condition which leads to privilege escalation.
AVE DOMINAplus <=1.10.x is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to enable/disable the alarm system of the affected version. This vulnerability can be exploited by sending a malicious request to the vulnerable application.
AVE DOMINAplus is vulnerable to credentials disclosure. The vulnerability affects Web Server Code 53AB-WBS - 1.10.62, Touch Screen Code TS01 - 1.0.65, Touch Screen Code TS03x-V | TS04X-V - 1.10.45a, Touch Screen Code TS05 - 1.10.36, App version: 1.10.77, App version: 1.10.65, App version: 1.10.64, App version: 1.10.62, App version: 1.10.60, App version: 1.10.52, App version: 1.10.52A, App version: 1.10.49, App version: 1.10.46, App version: 1.10.45, App version: 1.10.44, App version: 1.10.35, App version: 1.10.25, App version: 1.10.22, App version: 1.10.11, App version: 1.8.4, App version: TS1-1.0.65, App version: TS1-1.0.62, App version: TS1-1.0.44, App version: TS1-1.0.10, App version: TS1-1.0.9.
Wing FTP Server 6.0.7 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the unquoted service path. The PoC shows that the service path is not quoted, which allows an attacker to inject malicious code into the service path.
The wireless BMS solution has an undocumented backdoor account that is Base64-encoded. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the controller thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control.
Services By CQR