This exploit allows an attacker to inject malicious scripts into the content-type field of a POST request, leading to stored cross-site scripting attacks.
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
The Joomla component com_awesom is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'listid' parameter of the 'viewlist' task in the 'index.php' file. This allows the attacker to retrieve sensitive information from the database, such as usernames and passwords.
You can download files from "/lib/attachments/attachmentdownload.php" by passing the id of a file listed in the database directly in the URL; otherwise, you can iterate the id parameter (from 1).
This exploit allows an authenticated user to upload a malicious PHP script and execute arbitrary code on the server. The vulnerability exists in Croogo version 3.0.2.
RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows users with the "sub-admin" privilege to access any files on the PBX's file system.
By default, the Authenticated Users group has the modify permission on MilleGPG5 folders and files. A low-privilege account can rename the mysqld.exe file located in the bin folder and replace it with a malicious file that would connect back to an attacking computer, giving system-level privileges (nt authority\system) because the service runs as Local System. While a low-privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file.
This vulnerability allows an attacker to inject a malicious script permanently stored on the target server, such as in a database or comment field. The script is then executed when the victim retrieves the stored information, potentially allowing the attacker to steal sensitive data, such as cookies.
Orangescrum version 1.8.0 is vulnerable to multiple SQL injection attacks. An authenticated user can manipulate certain parameters to execute arbitrary SQL queries.
The HTTPDebuggerPro software version 9.11 on Windows 10 x64 is vulnerable to an unquoted service path. This vulnerability allows an attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory with a space in its name, leading to the service loading the malicious executable instead of the intended one.