SDL Web Content Manager build 8.5.0 is vulnerable to XML External Entity (XXE) injection in the SaveUserSettings web service. SaveUserSettings takes XML values as a parameter, and the web service accepts and resolves external entities declared in that XML, which allows an attacker to read sensitive files from the server. It can also be used to perform port scanning of the internal network, since the server itself makes the requests needed to resolve the entities.
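The following is an added example, not code from the advisory or from SDL, that reproduces the mechanism with Python's standard-library SAX parser: the same user-settings XML is parsed once with external general entities enabled (the vulnerable configuration) and once with them disabled. The file path, the `<settings>` document and the secret file contents are all constructed for the demonstration. A `SYSTEM` entity pointing at an `http://` URL instead of a file path is what turns the same flaw into an internal port scanner.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges


class TextCollector(xml.sax.ContentHandler):
    """Collects character data so we can see what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_settings(xml_bytes, resolve_external_entities):
    """Parse a user-settings XML payload (hypothetical stand-in for what a
    SaveUserSettings-style endpoint does with its XML parameter).

    resolve_external_entities=True reproduces the vulnerable behaviour:
    SYSTEM entities are fetched and their contents spliced into the
    document.  False is the hardened configuration.  Returns the text
    content the parser ended up with.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.chunks).strip()


def xxe_demo():
    """Returns (text with entities resolved, text with resolution disabled)."""
    # Constructed stand-in for a sensitive file on the server.
    fd, secret_path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as f:
        f.write("db_password=s3cr3t\n")
    try:
        # Constructed attacker payload: an external entity that names the
        # file, referenced from an ordinary-looking settings element.
        payload = (
            '<?xml version="1.0"?>'
            '<!DOCTYPE settings [<!ENTITY xxe SYSTEM "%s">]>'
            '<settings><theme>&xxe;</theme></settings>' % secret_path
        ).encode()
        vulnerable = parse_settings(payload, resolve_external_entities=True)
        hardened = parse_settings(payload, resolve_external_entities=False)
        return vulnerable, hardened
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    leaked, blocked = xxe_demo()
    print("entities resolved :", repr(leaked))   # the file contents
    print("entities disabled :", repr(blocked))  # empty string
```

In the vulnerable run the file contents come back as the `<theme>` text, which is exactly what an attacker reading the saved settings (or an error message echoing them) would see; with the feature off the entity reference expands to nothing. The same switch exists in every mainstream XML stack (`disallow-doctype-decl` or `external-general-entities` in Java, `XmlReaderSettings.DtdProcessing` in .NET).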
This MiniShare web server vulnerability is triggered by sending an overly long HTTP request to the server.
An authentication bypass vulnerability exists in the Double Your Bitcoin Script Automatic 2018 for $50 application. An attacker can exploit it by sending a crafted HTTP request to /admin/index.php with both the username and password fields set to the string '=''or', which bypasses authentication and grants access to the application.
UltraISO 9.7.1.3519 is vulnerable to denial of service when a maliciously crafted file is opened. An attacker can exploit this by creating a specially crafted file and convincing a user to open it in UltraISO, resulting in a denial of service condition.
Facebook And Google Reviews System For Businesses 1.1 allows remote code execution. By sending a specially crafted HTTP POST request with malicious content in the 'photo' parameter of the 'custom_reviews_add.php' script, an attacker can execute arbitrary PHP code on the vulnerable system.
A SQL injection vulnerability exists in Facebook And Google Reviews System For Businesses 1.1 that allows an attacker to execute arbitrary SQL commands via the 'id' parameter of the 'campaign_add.php' script.
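Both the '=''or' login bypass above (Double Your Bitcoin Script) and the 'id' injection in campaign_add.php come from the same coding pattern: request parameters spliced into SQL text. The block below is an added example, not code from either product, using an in-memory SQLite database with constructed `users` and `campaigns` tables. It shows the query that the '=''or' payload produces, a parameterised login that treats the payload as a literal, and an 'id' splice that SQLite executes. The `1 OR 1=1` value used for the 'id' parameter is an assumption of this example (the advisory gives no payload), chosen because SQLite, unlike MySQL, does not evaluate `''=''or''` as true.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'correct-horse');
        CREATE TABLE campaigns (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO campaigns VALUES (1, 'spring'), (2, 'summer'), (3, 'internal-only');
    """)
    return conn


def login_query_vulnerable(username, password):
    """Concatenated login query of the kind the '=''or' payload targets.

    Only the SQL text is returned.  With username = password = '=''or'
    the WHERE clause becomes  username=''=''or'' AND password=''=''or''.
    MySQL evaluates (username='')='' as TRUE because the boolean 0 and the
    empty string both coerce to 0, and the trailing OR '' leaves it TRUE,
    so the first user (typically admin) is returned.  SQLite does not
    coerce that way, so the bypass is shown as a rewrite, not executed.
    """
    return ("SELECT id FROM users WHERE username='%s' AND password='%s'"
            % (username, password))


def login_safe(conn, username, password):
    """Parameterised form: the payload is compared as a literal string."""
    row = conn.execute(
        "SELECT id FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def campaign_vulnerable(conn, id_param):
    """'id' spliced straight into the query, the campaign_add.php pattern."""
    rows = conn.execute(
        "SELECT name FROM campaigns WHERE id=" + id_param).fetchall()
    return [r[0] for r in rows]


def campaign_safe(conn, id_param):
    """Validate the type first, then bind as a parameter."""
    try:
        campaign_id = int(id_param)
    except ValueError:
        return []
    rows = conn.execute(
        "SELECT name FROM campaigns WHERE id=?", (campaign_id,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    bypass = "'=''or'"
    print(login_query_vulnerable(bypass, bypass))
    print(login_safe(db, bypass, bypass))
    print(campaign_vulnerable(db, "1 OR 1=1"))
    print(campaign_safe(db, "1 OR 1=1"))
```

The integer cast for 'id' is the cheap fix for numeric parameters; for string parameters such as the username there is no equivalent, and binding (`?` placeholders, or prepared statements in PHP's PDO/mysqli) is the only reliable defence.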
A denial of service vulnerability exists in Angry IP Scanner 3.5.3 due to a buffer overflow when a large amount of clipboard data is pasted into a preferences field. An attacker can trigger it by using a short Python script to generate a file containing a large amount of data, copying that data to the clipboard, and pasting it into the 'Value not available (no results):' field (shown as 'El valor no está disponible (sin resultados):' in the Spanish UI) on the 'Preferences' ('Preferencias') tab of the 'Tools' ('Herramientas') toolbar. The application then crashes.
An attacker can exploit this cross-site request forgery (CSRF) vulnerability by crafting a malicious HTML page containing a form whose fields are pre-filled with the values of a password-change request. When the victim visits the malicious page while authenticated to the application, the form is submitted automatically in the victim's session and the attacker changes the password of the admin user.
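The forged form succeeds because the browser attaches the admin's session cookie to any request to the application, whoever authored the page. The server-side check below is an added example of the standard defence, not code from the affected product: a per-session token that the attacker's page cannot read, compared in constant time, plus an Origin/Referer check. `APP_ORIGIN`, the dict-shaped session, headers and form, and the function names are all assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical origin of the admin application (assumed for this example).
APP_ORIGIN = "https://admin.example.test"


def issue_csrf_token(session):
    """Mint a random token, store it server-side in the session, and return
    it so the legitimate password-change form can embed it as a hidden field."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_same_origin(headers):
    """Browsers send Origin on cross-site POSTs; a page on the attacker's
    site cannot forge it.  Fall back to Referer, and fail closed if neither
    header is present."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return "%s://%s" % (parts.scheme, parts.netloc) == APP_ORIGIN


def change_password_allowed(session, headers, form):
    """Decide whether a password-change POST may proceed.

    The auto-submitted form from the malicious page carries the victim's
    cookies (so `session` is the admin's), but it does not carry the
    session's token and its Origin is the attacker's site, so it is refused.
    """
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False
    return is_same_origin(headers)


def demo():
    """Returns (legitimate request allowed?, forged request allowed?)."""
    session = {"user": "admin"}            # constructed admin session
    token = issue_csrf_token(session)
    legitimate = change_password_allowed(
        session,
        {"Origin": APP_ORIGIN},
        {"new_password": "n3w-pass", "csrf_token": token},
    )
    forged = change_password_allowed(
        session,
        {"Origin": "https://evil.example.test"},
        {"new_password": "pwned"},         # no token: the attacker never saw it
    )
    return legitimate, forged


if __name__ == "__main__":
    print(demo())
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-enforced layer on top of this, but the token check is what protects users of browsers or clients that ignore the attribute.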
This exploit targets the Huawei HG532e router. It abuses a command injection vulnerability that allows an attacker to execute arbitrary commands on the vulnerable router, using the router's Upgrade service to run them. The exploit is written in Python and uses the requests library to send the malicious payload to the router.
Fortify SSC (Software Security Center) 17.10 does not properly check ownership of 'authEntities', which allows remote authenticated (view-only) users to read arbitrary details via the bulk API parameter on /api/v1/projectVersions/{NUMBER}/authEntities.