A vulnerability in TP-Link Technologies TL-WA850RE Wi-Fi Range Extender allows an unauthenticated attacker to remotely reboot the device. The vulnerability exists due to the lack of authentication for the /data/reboot.json endpoint. An attacker can send a specially crafted HTTP request to the vulnerable endpoint to reboot the device.
Allok AVI to DVD SVCD VCD Converter 4.0.1217 is vulnerable to a buffer overflow when a maliciously crafted License Name is provided. This can be exploited to execute arbitrary code by overwriting the SEH handler with a pointer to the malicious code.
When editing a thread, the user is given the option to convert the thread to a link. Persistent XSS can be achieved by editing a thread or post and inputting <a """><SCRIPT>alert("XSS")</SCRIPT>"> in the Thread Link box. The plugin has since been removed after the author was notified. As a patch, line 83 of the plugin should be changed from $thread['tlink'] = ($thread['tlink']); to $thread['tlink'] = htmlspecialchars_uni($thread['tlink']);
SickRage returns clear-text credentials for services such as GitHub, AniDB, Kodi, Plex etc. in HTTP responses. The prerequisite is that the user has not set a username and password for their SickRage installation (setting them is not enforced, and none are set by default).
The WordPress Plugin WP with Spritz version 1.0 is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability by sending a malicious URL in the 'url' parameter of the 'wp.spritz.content.filter.php' script. This can allow the attacker to execute arbitrary code on the vulnerable system.
JFrog Artifactory < 4.16 is vulnerable to unauthenticated arbitrary file upload and directory traversal vulnerabilities. The vulnerabilities are within the upload API "/artifactory/ui/artifact/upload", require that "Allow Anonymous Access" is enabled (as it is on a default installation) and can be abused to create or overwrite files on the server. Specifically, it is possible to create or overwrite any files inside the application folder (scenario 1) or deploy a new application (scenario 2) and execute arbitrary code on the server.
This exploit requires authentication and the ability to delete a node. The attacker must send a POST request to the vulnerable form, retrieve the form_build_id from the response, and then send another POST request with the form_build_id to trigger the exploit. This will display the result of the whoami command.
When the parser parses the parameter list of an arrow function containing destructuring assignments, it can't distinguish whether the assignments will actually be in the parameter list or are just assignments until it meets a '=>' token. So it first assigns the destructuring assignments to the outer scope, and fixes the scope when it meets the '=>' token. However, the RewindDestructuringAssignments method is only called when the arrow function's body starts with a '{' token, which can lead to the scope of the inner destructuring assignments being set to the outer arrow function's scope.
A Local File Inclusion vulnerability was found while logged in as a low-privileged user. Proof of Concept (PoC): LFI: http://localhost/[path]/admin/download?type=task&filename=../../../../../../../../etc/passwd
An authenticated Stored XSS vulnerability was found while logged in as a low-privileged user. Proof of Concept (PoC): Dashboard > My Profile. Write the payload in the 'First Name' input field: john doe<script>alert()</script>