OpenCart version 3.x.x allows editing the Source/HTML of the Categories / Product / Information pages in the admin panel. This user input isn't sanitized, which allows an attacker to execute arbitrary JavaScript code, leading to stored cross-site scripting (XSS).
This exploit allows an attacker to inject a malicious 'Host' header into a request sent to a vulnerable Cisco (Titsco) Email Security Appliance (IronPort) C160 device. This can be used to bypass authentication and gain access to the device.
The WordPress plugin 'WooCommerce Product Feed' does not correctly sanitize user input, which leads to Cross-Site Scripting in the Admin Panel. Since it is WordPress, it's fairly easy to get RCE with this XSS, by editing the theme files via (for example) XHR requests with included JavaScript.
YouPHPTube before 7.5 does no checks at all when you want to generate a new config file. We can use this to generate our own config file with our own (malicious) code. All you need is a MySQL server that allows remote connections.
The software 'DomainMOD' is vulnerable to Cross-Site Scripting in the file '/reporting/domains/cost-by-month.php' in the parameter 'daterange'. Almost all other files that use the parameter 'daterange' are vulnerable.
Multiple File Upload Restriction Bypass vulnerabilities were found in Sentrifugo 3.2. This allows an authenticated user to potentially obtain RCE via webshell. File upload bypass locations: /sentrifugo/index.php/mydetails/documents -- Self Service >> My Details >> Documents (any permissions needed); sentrifugo/index.php/policydocuments/add -- Organization >> Policy Documents (higher permissions needed). POC: Self Service >> My Details >> Documents >> add New Document (/sentrifugo/index.php/mydetails/documents); Turn Burp Intercept On; Select webshell with valid extension - ex: shell.php.doc; Alter request in the upload... Update 'filename' to desired extension. ex: shell.php; Change content type to 'application/x-httpd-php'.
A vulnerability in Asus Precision TouchPad 11.0.0.25 allows an attacker to cause a denial of service or privilege escalation by sending a specially crafted DeviceIoControl request. This vulnerability is due to insufficient input validation when handling DeviceIoControl requests. An attacker can exploit this vulnerability by sending a specially crafted DeviceIoControl request to the vulnerable driver. Successful exploitation of this vulnerability could result in denial of service or privilege escalation.
The ContentProvider in the Canon PRINT 2.5.5 application for Android does not properly restrict data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and the WPA2-PSK key. The mobile application contains unprotected exported content providers ('IJPrinterCapabilityProvider' in android/AndroidManifest.xml) that disclose sensitive application data under certain conditions. To securely export the content provider, one should restrict access to it by setting up android:protectionLevel or android:grantUriPermissions attributes in the Android Manifest file.
A denial of service vulnerability exists in SQL Server Password Changer v1.90 when a maliciously crafted User Name and Registration Code is entered into the application, resulting in a crash. An attacker can exploit this vulnerability by running Python code to create a file containing 6000 bytes of 'x41' characters, copying the content of the file to the clipboard, opening SQL Server Password Changer and clicking 'EnterKey', pasting the content of the file into the 'User Name and Registration Code' field, and clicking 'OK' to trigger the crash.
The above code is trying to inline GetByVal operations on stack-allocated arguments. The problem is, it doesn't check whether "index" is lower than "numberOfArgumentsToSkip", i.e., "index" was overflowed. This bug is exploitable as this can lead to uninitialized variable access under certain conditions.