NETSAS Pty Ltd Enigma NMS is vulnerable to OS Command Injection. An attacker can exploit this vulnerability to execute arbitrary commands on the vulnerable system. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'ip_address' parameter of the 'discover_and_manage.cgi' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability can result in arbitrary code execution on the vulnerable system.
Dolibarr ERP & CRM is vulnerable to SQL Injection via the elemid parameter. An attacker can exploit this vulnerability to gain access to sensitive information from the database. The payloads used in the exploit are error-based and time-based blind.
This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; This attack can deface the vulnerable Wordpress website with content from the default vhost;
A combination of three different vulnerabilities permits an uauthenticated attacker to gain local administrator privileges on the Publisure Hybrid Mail server.
FusionPBX is vulnerable to a Remote Code Execution vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable service_cmd_start parameter. This will allow the attacker to execute arbitrary code on the vulnerable system.
Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file name. This is possible because Windows returns inconsistent error messages when accessing unauthorized files that contain a valid extension or have a "." (dot) as part of the file or folder name.
The Inventory Webapp is vulnerable to SQL injection. The vulnerable page is '/php/add-item.php' and the vulnerable source code is on lines 39, 40, 41, 42 and 49. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable page. The proof of concept is http://site.com/php/add-item.php?itemquery=[SQL]
Exploits CVE-2019-11539 to run commands on the Pulse Secure Connect VPN. Downloads Modified SSH configuration and authorized_keys file to allow SSH as root.
Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters.
In the pro features of the WordPress download manager plugin, there is a Category Short-code feature witch can use to sort categories with order by a function which will be used as ?orderby=title,publish_date. By adding parameter '>' and add any XSS payload, the xss payload will execute.
Services By CQR