
Explore Vulnerabilities

Explore all Exploits:

Unauthenticated Remote Command Execution on Domoticz <= 4.10577

Bypasses authentication, injects commands and executes them. Requires the login page or no authentication (does not work with the 'Basic-Auth' setting). There are 3 injection modes; the 1st and the 2nd bypass the character filter:
1. Default mode: inserts the commands in a script and replies with it once to an HTTP request. Set the address and port of the attacker host with -H and -P.
2. (-zipcmd) A zip icon pack is uploaded. The Domoticz installation path can optionally be specified with -path /opt/domoti..
3. (-direct) Commands are executed directly. Characters like &, pipe or redirection cannot be used. The execution may block the Domoticz web server until it ends.

Spring Cloud Config Server Directory Traversal

This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888.

Joomla! Component ARI Quiz 3.7.4 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component ARI Quiz 3.7.4. An attacker can send a malicious HTTP request to the vulnerable server and execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate or disclose arbitrary data in the back-end database.

Veeam ONE Reporter – Stored Cross-site Scripting (Add/Edit Widget)

Veeam ONE Reporter is vulnerable to stored cross-site scripting. An attacker can inject malicious JavaScript code into the Caption field of the Add/Edit Widget page, which is stored in the database and executed when the page is viewed by an authenticated user.

Veeam ONE Reporter – Stored Cross-site Scripting (Stored XSS)

Veeam ONE Reporter is vulnerable to stored cross-site scripting (XSS). An attacker can inject malicious JavaScript code into the Description field of the addDashboard or editDashboard methods of the CommonDataHandlerReadOnly.ashx page. This code will be executed when the page is viewed by an authenticated user.

PoC based on CVE-2016-5649

A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. When the request is processed, it exposes the administrator password in clear text before redirecting to 'absw_vfysucc.cgia'. An attacker can use this password to gain administrator access to the targeted router's web interface.

NSauditor 3.1.2.0 – ‘Name’ Denial of Service (PoC)

A denial of service vulnerability exists in NSauditor 3.1.2.0 when a maliciously crafted 'Name' field is supplied to the application. An attacker can exploit this vulnerability to crash the application, denying service to legitimate users.

Recent Exploits: