This exploit allows an attacker to gain remote code execution on a Splunk Enterprise 7.2.3 instance by uploading a malicious app. The malicious app contains a reverse shell that will connect back to the attacker's machine. The exploit uses a Firefox webdriver to navigate to the upload page, upload the malicious app, and install it.
Run the Python script; it will create a new file 'PoC.txt'. Copy the text from the generated PoC.txt file to the clipboard and paste it into add Desktop > add user account > UserName. The app will now crash.
SimplePress CMS version 1.0.7 is vulnerable to SQL injection. An attacker can send a malicious SQL query to the application via the 'p' or 's' parameter in the URL. This can be exploited to bypass authentication and gain access to the application.
A SQL injection vulnerability exists in Joomla! Component J-CruisePortal 6.0.4, which allows an attacker to execute arbitrary SQL commands via the 'guest_adult' parameter in a 'cruises/cruises' POST request. This can be exploited to read, modify or delete data from the database.
A SQL injection vulnerability exists in Joomla! Component J-ClassifiedsManager 3.0.5. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to sensitive information from the database. This can be exploited to manipulate SQL statements by injecting arbitrary SQL code in the affected parameter.
A SQL injection vulnerability exists in Joomla! Component J-BusinessDirectory 4.9.7. An attacker can send a malicious HTTP request to the vulnerable server and execute arbitrary SQL commands in the back-end database.
A SQL injection vulnerability exists in Joomla! Component VMap 1.9.6. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. This vulnerability can be exploited without authentication.
A SQL injection vulnerability exists in Joomla! Component vRestaurant 1.9.4, which allows an attacker to execute arbitrary SQL commands via the 'keysearch' parameter in a POST request to the '/[PATH]/menu-listing-layout/menuitems' endpoint. This can be exploited to gain access to sensitive information from the database.
A SQL injection vulnerability exists in Joomla! Component vReview 1.9.11. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate or disclose arbitrary data in the back-end database.
A SQL injection vulnerability exists in Joomla! Component vAccount 2.0.2, which allows an attacker to execute arbitrary SQL commands via the 'vid' parameter in an 'expense' page request. This can be exploited to read, modify or delete data from the database.