Explore Vulnerabilities

Explore all Exploits:

KYOCERA Net Admin 3.4 CSRF Add Admin Exploit

The KYOCERA Net Admin 3.4 application allows users to perform actions via HTTP requests without performing validity checks. This can be exploited to perform actions with administrative privileges if a logged-in user visits a malicious website.

KYOCERA Net Admin XML External Entity (XXE) Injection Vulnerability

KYOCERA Multi-Set Template Editor (part of Net Admin) suffers from an unauthenticated XML External Entity (XXE) injection vulnerability using the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data from the affected node via an out-of-band (OOB) channel attack. The vulnerability is triggered when input passed to the Multi-Set Template Editor (kmmted.exe), called by the ActiveX DLL MultisetTemplateEditorActiveXComponent.dll, is not sanitized while parsing a 5.x Multi-Set template XML file.

CMS Made Simple 1.1.2 Remote Code Execution Vulnerability

This vulnerability allows an attacker to execute arbitrary code on the target system. The vulnerability exists in the 'adodb-perf-module.inc.php' file, where user-supplied input is not properly sanitized before being passed to an 'eval' function. An attacker can exploit this vulnerability by sending a specially crafted request to the affected system, resulting in the execution of arbitrary PHP code.

LineageOS 14.1 (Android 7.1.2) Blueborne RCE CVE-2017-0781

This exploit allows for remote code execution on LineageOS 14.1 (Android 7.1.2) devices that are not patched against the Blueborne vulnerability. It takes advantage of the CVE-2017-0781 vulnerability.

iziContents <= RC6 (RFI/LFI) Multiple Remote Vulnerabilities

iziContents <= RC6 has multiple vulnerabilities that can lead to remote file inclusion (RFI), local file inclusion (LFI), and remote file disclosure. The RFI vulnerabilities can be exploited through various modules such as search.php, inlinepoll.php, showpoll.php, showlinks.php, and submit_links.php. The LFI vulnerabilities can be exploited through poll_summary.php and db.php. The remote file disclosure vulnerability can be exploited through tiny_mce_gzip.php.

ProcessMaker Plugin Upload

This module will generate and upload a plugin to ProcessMaker, resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles are required to run this module. This module has been tested successfully on ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1; and version 3.2.0 on Debian Linux 8.

Recent Exploits: