The Cain & Abel version 4.9.56 software on Windows 10 x64 has an unquoted service path vulnerability. The 'Abel' service has a binary path name that is not properly quoted, which could allow an attacker to escalate privileges and execute arbitrary code with the permissions of the LocalSystem account.
The 'id' parameter in the Exam Reviewer Management System web application is vulnerable to SQL injection.
Hospital Management System v4.0 suffers from multiple SQL injections via three parameters in the function.php, contact.php, and func3.php applications. An attacker can retrieve all information from the system by using this vulnerability, and a malicious actor can also use sensitive information belonging to the customers of this system. WARNING: If this is in some external domain, or some subdomain, or internal, this will be extremely dangerous!
This module exploits an MQTT credentials dump vulnerability in Servisnet Tessa. The app.js file, which acts as the backend of the application, is publicly available. Because it exposes a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained from the source code. The module tries to log in to the MQTT service with the credentials it has obtained, and reflects the response it receives from the service.
LearnPress is a WordPress plugin that allows users to create a Learning Management System (LMS). The plugin allows users to upload an image as a profile avatar, which is then cropped and saved. However, there is a vulnerability in the plugin that allows an attacker to rename arbitrary image files by manipulating the POST request sent to the server. This can result in the destruction of website design elements such as banners, avatars, post images, and buttons. The vulnerability can be exploited by registering and logging in to the LearnPress system, uploading an avatar image, intercepting the POST request with a tool like Burp Suite, and changing the value of the `lp-user-avatar-crop[name]` parameter to an arbitrary image file path on the website. The attacker can then forward the modified request and check for the existence of the renamed image file.
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue.
Multiple non-persistent cross-site web vulnerabilities exist in the uBidAuction v2.0.1 script web application.
Ametys CMS v4.4.1 is vulnerable to persistent cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious scripts into user input fields, which will be executed by the victim's browser.
A successful attempt would allow a local user to insert their code in the system root path, undetected by the OS or other security applications, and elevate their privileges after reboot.