This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Synology Photo Station. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SYNOPHOTO_Flickr_MultiUpload function. When parsing the prog_id parameter, the process does not properly validate a user-supplied string before using it to execute a call to file_put_contents. An attacker can leverage this vulnerability to execute code under the context of the PhotoStation user.
A command injection web vulnerability has been discovered in the official Flash Operator Panel v2.31.03 web application. The vulnerability allows remote attackers to execute system-specific commands on the application side of the vulnerable service. The vulnerability is located in the `name` value of the `adduser` module. Remote attackers are able to inject their own system-specific commands to compromise the web application or connected service. The request method to inject is POST and the attack vector is located on the application side.
A buffer overflow vulnerability exists in OBS-Studio-20.1.3 when a maliciously crafted input is processed by the application. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. To exploit this vulnerability, an attacker must first copy a specially crafted string to the clipboard, then create a new profile in the application and paste the string into the input field. This will cause a buffer overflow and allow the attacker to execute arbitrary code.
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
Adminer is vulnerable to Server Side Request Forgery (SSRF) allowing an attacker to initiate unauthenticated connections to arbitrary systems/ports. This vulnerability can be used to potentially bypass firewalls to identify internal hosts and perform port scanning of other servers for reconnaissance purposes.
RISE Ultimate Project Manager version 1.9 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious payload to the application via the 'search' parameter in the POST request. This payload will cause the application to sleep for 20 seconds, indicating a successful exploitation of the vulnerability.
PerfexCRM 1.9.7 is prone to an unrestricted file upload, caused by a misconfigured elFinder plugin, that leads to system takeover. The misconfigured file upload is bypassed with a .php5 file, and the file content restriction is bypassed by adding a TEXT line to represent the MIME type text.
While most applications require authentication to gain access to private information or to execute tasks, not every authentication method is able to provide adequate security. Negligence, ignorance, or simple understatement of security threats often results in authentication schemes that can be bypassed by simply skipping the login page and directly calling an internal page that is supposed to be accessed only after authentication has been performed. In addition, it is often possible to bypass authentication measures by tampering with requests and tricking the application into thinking that the user is already authenticated. This can be accomplished either by modifying the given URL parameter, by manipulating the form, or by counterfeiting sessions.
ImgHosting 1.5 is vulnerable to XSS attacks. The affected function is its search engine. Since there is a user/admin login interface, it's possible for attackers to steal the sessions of users and thus of admin(s). When users are sent an infected URL, code will be executed.
This script will return a reverse shell to the specified listener address and port. Ensure you have started a listener to catch the shell before running it!