JumpStart 0.6.0.0 is vulnerable to Unquoted Service Path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system. The vulnerability exists due to the application not quoting the path of the service when it is installed. This allows an attacker to gain access to the service and execute arbitrary code with elevated privileges.
Cross-Site scripting vulnerability in the description field. This XSS completely breaks the web application.
Easy authentication bypass vulnerability on the application allowing the attacker to login. The vulnerable file is login.php Line: 29,30 and the payload is '=''or'
ClonOs WEB UI 19.09 is vulnerable to improper access control. An attacker can exploit this vulnerability to gain access to the user accounts and change the passwords of the users.
AUO SunVeillance Monitoring System all versions prior to v1.1.9e that is vulnerable to SQL Injection. The vulnerability can allow the attacker inject maliciously SQL command to the server which allows the attacker to read privileged data. Access the sending mail page of AUO SunVeillance Monitoring System (/Solar_Web_Portal/mvc_send_mail.aspx) without any authentication. There is a parameter, MailAdd, in mvc_send_mail.aspx. Modify the value of parameter MailAdd with single quotation. The error messages contains oracle database information. By using sqlmap tools, attacker can acquire the database list which in server side. Furthermore, there are a few SQL Injection vulnerabilities in other fields such as picture_manage_mvc.aspx (parameter: plant_no), swapdl_mvc.aspx (parameter: plant_no) and account_management.aspx (parameter: Text_Postal_Code, Text_Dis_Code).
An issue was discovered in AUO SunVeillance Monitoring System. There is an incorrect access control vulnerability that can allow the attacker to bypass the authentication mechanism, and upload files to the server without any authentication.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
Rocket.Chat version 2.1.0 is vulnerable to Cross-Site Scripting (XSS). An attacker can craft a malicious payload and send it to a victim via a chat session. When the victim opens the chat session, the malicious payload will be executed and the attacker can gain access to the victim's token which is written in logs.txt on the attacker's web server.
An exploitable command injection vulnerability exists in the CLI functionality, which is provided by the Telnet and SSH services. An authenticated attacker (with admin or configadmin privileges) can abuse the ping feature to execute commands on the router. As the CLI is executed with root privileges, it is possible to obtain a root shell on the device. An unauthenticated attacker can retrieve all the log files (Firewall, IPSec and System) from the webserver. In order to exploit the issue, a legitimate user had to export the log files previously.
This module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution.
Services By CQR