This module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series. Remote code execution can be performed via a malicious field value.
As described at https://blog.kos-lab.com/Hello-World/, the Ncloud 300 device does not properly enforce authentication, allowing an attacker to remotely download the configuration backup ('/cgi-bin/ExportSettings.sh'). The configuration backup file contains the web interface username and password. There are also hardcoded credentials in the telnet service (root:cary); in cases where the root user does not exist, it was replaced by the web interface credentials. This exploit downloads the backup file and tries to use the credentials to log into the device using telnet.
An issue was discovered in the Online Booking system - NodAPS 4.0 script. Through a cross-site request forgery (CSRF) vulnerability, an attacker can remotely hijack the authentication of users. Putting ' in the search parameter produces an SQL syntax error. The 'extractvalue()' or 'updatexml()' functions can be used to get data from the database.
The XML parser in use resolves XML external entities, which allows an authenticated attacker (or an attacker who is able to trick an authenticated user into importing malicious XML files) to read arbitrary files from the server's file system. The web application is also vulnerable to reflected XSS. An attacker can inject malicious JavaScript code into the application, which is then executed in the context of the user's browser.
This module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This module makes use of the roothelper.c exploit from Qualys to insert a new user with UID=0 in /etc/passwd.
The plugin's settings page sends a nonce and checks it when displaying the success/failure message, but does not check it when setting options. This option is meant to contain JavaScript for Google Tag Manager, so it is displayed on every frontend page without escaping. As this vulnerability allows adding arbitrary JavaScript, the attacker can use it to control an admin user's browser to do almost anything an admin user can do.
The totemomail Encryption Gateway protects email communication with any external partner by encryption. Compass Security discovered a vulnerability in the webmail part of the solution. It is possible to predict all parameters that are required to execute actions on the webmail interface. This allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks. The attacker needs to craft a malicious web page that will automatically send a request to the Encryption Gateway. If the user is logged in, the request will be executed by the Encryption Gateway on behalf of the logged-in user. This could be used to change a user's settings, send emails or change contact information.
Horse Market Sell & Rent Portal Script has a CSRF vulnerability through which an attacker can change user information.
Multiplayer BlackJack - Online Casino Game script has a persistent cross-site scripting vulnerability that lets an attacker set a malicious payload in the vulnerable parameter. To exploit this vulnerability, an attacker can click on the 'sit' button in the web page, put a malicious payload into the 'name' input and set a wallet number.
A Cross-Site Scripting (XSS) vulnerability was discovered in Rockwell Scada System. The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'name' parameter to the '/rokform/SysDataDetail' script. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable website. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.