An XML External Entity Injection (XXE) vulnerability was discovered in oXygen XML Editor 21.1.1. The vulnerability allows an attacker to read arbitrary files on the vulnerable system. The vulnerability is triggered when a user opens a malicious XML file. The malicious XML file contains an XML External Entity (XXE) declaration which references a malicious DTD file hosted on a remote server. The malicious DTD file contains an entity declaration which references a file on the vulnerable system. When the malicious XML file is opened, the vulnerable application attempts to parse the malicious DTD file, which in turn causes the vulnerable application to attempt to read the file referenced in the entity declaration. This allows an attacker to read arbitrary files on the vulnerable system.
The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While tesing, the device was rebooted after the attack.
A directory traversal vulnerability exists in gSOAP 2.8 which allows an attacker to read arbitrary files on the server. This is due to the application not properly sanitizing user-supplied input. An attacker can send a specially crafted HTTP request containing directory traversal characters (e.g. '../') to read arbitrary files on the server.
This script is used to exploit a XSS vulnerability found in a Technicolor device. The vulnerability is triggered when a DHCP request is sent with a malicious hostname parameter, which is then stored in the device's configuration. This allows an attacker to execute arbitrary JavaScript code in the context of the user's browser when they access the device's web interface.
An attacker can send a specially crafted HTTP POST request to the target server, containing a malicious payload in the form of a long string of characters in the 'admin' and 'person' parameters. This will cause the server to crash, resulting in a denial of service.
Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name Exploit allows an attacker to bypass authentication by downloading the backup config file and extracting the MD5 hashes of the usernames and passwords from the database.
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin Core HCM v5.4.0 HRMS Software. The user supplied input containing malicious JavaScript is echoed back as it is in JavaScript code in an HTML response.
Optergy Proton/Enterprise BMS is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to add an admin user to the system. An attacker can craft a malicious HTML page containing a form with the necessary parameters to add an admin user to the system. When a logged-in user visits the malicious page, the form will be automatically submitted and an admin user will be added to the system.
A vulnerability exists in FlexAir Access Control (Prima Systems) Firmware version: <= 2.3.38, which allows an attacker to execute arbitrary code with root privileges. This is achieved by sending a specially crafted payload to the server, which is then executed. The payload is sent via a POST request to the /bin/sysfcgi.fx endpoint, and the output is stored in the /www/pages/app/images/logos/output.txt file.
Unauthenticated Remote Root Exploit in Optergy BMS (Console Backdoor) Affected version <=2.0.3a (Proton and Enterprise)
Services By CQR