This exploit allows an unauthenticated attacker to upload arbitrary files to the GFI Mail Archiver software. The vulnerability exists in the Telerik UI component used by the software, which allows unrestricted file upload. By exploiting this vulnerability, an attacker can upload malicious files to the server, potentially leading to remote code execution or unauthorized access to sensitive information.
This exploit allows an authenticated user with teacher privileges to execute arbitrary code on a Moodle 3.9 instance. The exploit is based on a proof of concept (PoC) and payload that assigns full permissions to the manager role. The exploit script assigns the necessary permissions to the teacher role, allowing for code execution.
This is unpublished RST/GHC exploit code for ibProArcade version 3.3.0. It allows an attacker to perform SQL injection.
CMSuno version 1.7 and prior is vulnerable to stored cross-site scripting. The attacker must be authenticated to exploit the vulnerability. The payload is injected while updating the template's image filename; the vulnerable parameter is *tgo*.
The BEMS suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the 'page' GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
The BEMS solution has an undocumented backdoor account. Its credentials are never exposed to the end user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in with the backdoor account, which has the highest administrative privileges, and gain full system control. The backdoor user cannot be seen in the user settings in the admin panel, and it uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS offers remotely.
PEEL Shopping is an eCommerce shopping cart application in PHP / MySQL that works on any hosting. A public user or guest (unauthenticated) can inject a malicious SQL query to affect the execution of predefined SQL commands via the "id" parameter on the "/peel-shopping_9_4_0/achat/produit_details.php?id=[SQLi]" endpoint. After a successful SQL injection attack, the attacker can read sensitive data from the database or modify database data.
The WordPress plugin LearnPress version 3.2.6.7 is vulnerable to an authenticated SQL injection vulnerability in the 'current_items' parameter. An attacker with authenticated access can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized access or data leakage.
This vulnerability exists in the PAPI message handler of the application. By sending a specially crafted packet, an attacker can trigger a race condition, leading to potential privilege escalation or denial of service.
This exploit demonstrates weak password encryption in Argus Surveillance DVR 4.0. The author, Salman Asad (@deathflash1411), also known as LeoBreaker, provides a detailed description of the exploit and a guide on how to crack the password hash.