Mitsubishi Electric smartRTU & INEA ME-RTU are vulnerable to unauthenticated OS command injection. An attacker can send a specially crafted HTTP POST request to the vulnerable device to execute arbitrary OS commands. This vulnerability can be exploited without authentication.
This exploit allows an attacker to download the configuration file of a Mitsubishi Electric smartRTU or INEA ME-RTU without authentication. The exploit is triggered by sending a GET request to the saveSettings.php page of the device, which will return the configuration file in XML format.
The PoC can crash VxWorks tasks(set the port corresponding to the task in the PoC), such as telnet, ftp, etc.
A SQL Injection vulnerability exists in Joomla! component com_jsjobs in line 296 of the file site/models/cities.php. An attacker can send a malicious HTTP request containing a specially crafted SQL query to the vulnerable parameter citydata in order to execute arbitrary SQL commands in the context of the vulnerable application.
This exploit allows an attacker to inject arbitrary commands into Ghidra Linux version <= 9.0.4. The exploit is achieved by creating a malicious .gar file which contains a malicious decompile file. The malicious decompile file contains a command injection payload which is executed when the .gar file is opened in Ghidra. The malicious payload is used to open a reverse shell to the attacker's machine.
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.
This vulnerability is caused when processing custom user field. An authenticated user can delete arbitrary files on the server by sending a crafted POST request to the vulnerable file.
A SQL injection vulnerability exists in the Joomla! component com_jssupportticket in the admin/models/ticketreply.php file. The vulnerable code is in line 31, where the ticketrandomid parameter is not properly sanitized before being used in a SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious ticketrandomid parameter.
Services By CQR