Explore Vulnerabilities

Explore all Exploits:

ClipperCMS 1.3.3 File Upload CSRF Vulnerability

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload, which is used by default. An attacker can use this to perform actions on behalf of an admin (or any user with file upload capability). With this vulnerability, files can be uploaded automatically (by default the allowed file types are aac,au,avi,css,cache,doc,docx,gz,gzip,htm,html,js,mp3,mp4,mpeg,mpg,ods,odp,odt,pdf,ppt,pptx,rar,tar,tgz,txt,wav,wmv,xls,xlsx,xml,z,zip). Note that a web shell usable for remote code execution may be achievable depending on the file types being accepted. Uploaded files can be accessed publicly in the "/assets/files" directory (e.g. a malicious HTML file uploaded with the filename poc.html => http://<clipperwebsite>/clipper/assets/files/poc.html). This can lead to the website hosting unintended files.

Silurus Classifieds Script 2.0 – SQL Injection

Silurus Classifieds Script 2.0 is vulnerable to SQL injection. An attacker can inject arbitrary SQL commands into the 'ID' parameter of the 'wcategory.php' script to manipulate the application's SQL queries. This can be used to bypass authentication and gain access to the application.

Gumbo CMS 0.99 – SQL Injection

Gumbo CMS 0.99 is vulnerable to SQL Injection. An attacker can send a malicious HTTP POST request to the settings/en page with a crafted payload in the language parameter to execute arbitrary SQL commands in the back-end database. This can be exploited to gain access to sensitive information such as usernames and passwords stored in the database.

ABC ERP 0.6.4 – Cross-Site Request Forgery (Update Admin)

ABC ERP 0.6.4 is vulnerable to Cross-Site Request Forgery (CSRF), which allows an attacker to update the admin credentials. An attacker can send a malicious request containing the new admin credentials to the vulnerable application, which will update the admin credentials without the user's knowledge.

Easyndexer 1.0 – Arbitrary File Download

Easyndexer 1.0 is vulnerable to an arbitrary file download vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The application will then respond with the requested file, which can be used to gain access to sensitive information.

Tina4 Stack 1.0.3 – Cross-Site Request Forgery (Update Admin)

Tina4 Stack 1.0.3 is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to update the admin credentials. An attacker can craft a malicious request to update the admin credentials and gain access to the admin panel. This vulnerability can be exploited without authentication.

Tina4 Stack 1.0.3 – SQL Injection / Database File Download

Tina4 Stack 1.0.3 is vulnerable to SQL Injection and Database File Download. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'kim.db' and 'kim/menu/get/1' parameters. An attacker can send a malicious HTTP request to the vulnerable application to gain access to the database file and extract sensitive information.

xorg-x11-server < 1.20.1 - Local Privilege Escalation (RHEL 7)

The only condition that has to be met for this PE to work via SSH is that the legitimate non-root user has to be logged in through the console at the moment the PE script is launched. In fact, during the logged-in session of the legitimate non-root user, a file with the name of the non-root user will be created in the /var/run/console folder. With that file present, the same non-root user can launch an Xorg command via SSH.

Musicco 2.0.0 – Arbitrary Directory Download

Musicco 2.0.0 is vulnerable to an arbitrary directory download vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The application will then respond with a zip file containing the contents of the requested directory.

Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion.

Recent Exploits: