Jasmin Ransomware's web panel allows authenticated users to download arbitrary files due to a SQL Injection vulnerability, potentially leading to unauthorized access to sensitive data. This vulnerability has been assigned CVE-2025-XXXXX.
An attacker can exploit GetSimpleCMS version 3.3.16 by creating a malicious .phar file that contains a PHP script allowing the execution of arbitrary commands. By uploading this file through a vulnerable upload functionality, the attacker can trigger the execution of the injected code remotely, leading to a remote code execution vulnerability. This vulnerability is identified as CVE-2021-28976.
The UNA CMS version <= 14.0.0-RC4 is vulnerable to PHP object injection in the BxBaseMenuSetAclLevel.php script. This vulnerability occurs due to unsanitized user input in the 'profile_id' POST parameter, which is then used in an unserialize() PHP function call. Remote unauthenticated attackers can exploit this to inject arbitrary PHP objects, enabling various attacks like executing malicious PHP code.
Snipe-IT version 8.0.4 and below has an IDOR vulnerability in the `/locations/<id>/printassigned` endpoint. This allows an authenticated user to access asset assignment data of other departments by changing the `location_id` in the URL.
The ZTE ZXHN H168N 3.1 router is vulnerable to remote code execution due to an authentication bypass. By exploiting this vulnerability, an attacker can execute arbitrary code on the target device. This vulnerability has not been assigned a CVE ID yet.
An SSRF vulnerability in IBM Navigator for i allows an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration or other attacks. The vulnerability exploits a HTTP servlet generated security token bypass (CVE-2024-51464), allowing attackers to abuse the 'testConnectPort' servlet method to connect to any IP and PORT outside of the LAN, bypassing firewall rules and potentially connecting to attacker-controlled infrastructure.
The WordPress plugin Royal Elementor Addons and Templates before version 1.3.79 does not properly validate uploaded files, allowing unauthenticated users to upload arbitrary files, including .php files, which can lead to Remote Code Execution (RCE).
GestioIP v3.5.7 is vulnerable to CSRF attacks due to multiple endpoints. An attacker can trick an authenticated admin to visit a malicious URL, leading to unauthorized actions such as data modification, deletion, or exfiltration.
The exploit allows remote code execution in Apache Commons Text version less than 1.10.0 by sending a malicious payload via a POST request. This exploit uses a script interpolator to execute arbitrary commands on the target system.
The compop.ca 3.5.3 version of the restaurant management system is susceptible to arbitrary code execution due to the insecure implementation of authentication using a Unix timestamp parameter ('ts') in the URL. This vulnerability allows attackers to manipulate the timestamp parameter, which lacks proper authentication controls.
Services By CQR