Explore Vulnerabilities

Explore all Exploits:

Mini Mouse 9.3.0 – Local File inclusion / Path Traversal

The Mini Mouse 9.3.0 application is vulnerable to local file inclusion and path traversal. An attacker can exploit this vulnerability to access sensitive files on the target device. This vulnerability allows an attacker to read arbitrary files and potentially execute arbitrary code.

ZBL EPON ONU Broadband Router 1.0 – Remote Privilege Escalation

The limited administrative user (admin:admin) can elevate his/her privileges by sending an HTTP GET request to the configuration backup endpoint or the password page, which discloses the HTTP super user password. Once authenticated as super, an attacker is granted access to additional, privileged functionality.

SyncBreeze 10.1.16 – XML Parsing Stack-based Buffer Overflow

The exploit allows an attacker to execute arbitrary code through a stack-based buffer overflow vulnerability in SyncBreeze. By crafting an XML file and importing it into the application, the attacker can trigger the overflow and gain control over the program.

Novel Boutique House-plus 3.5.1 – Arbitrary File Download

The Novel Boutique House-plus version 3.5.1 is vulnerable to an arbitrary file download attack. The 'fileDownload' function in the 'FileController.java' file allows an attacker to specify a file path and download arbitrary files from the server. By providing a crafted 'filePath' parameter with directory traversal sequences, an attacker can bypass the file path validation and download sensitive files from the server, such as the '/etc/passwd' file.

Web Wiz NewsPad(TM)

Input passed to the FolderName parameter in "RTE_file_browser.asp" is not properly sanitised before being used. This can be exploited to list directories, txt files and zip files through directory traversal attacks. Also, "RTE_file_browser.asp" does not check the user's session, so an unauthenticated attacker can perform this attack.

POC: http://[WebWiz NewsPad]/RTE_file_browser.asp?look=&sub=.....\.....\.....\

GetSimple CMS Custom JS Plugin 0.1 – ‘customhs_js_content’ Cross-Site Request Forgery

A Cross-Site Request Forgery (CSRF) vulnerability in the Custom JS v0.1 plugin for GetSimple CMS allows remote attackers to inject arbitrary client-side script code into every webpage hosted on the CMS (Persistent Cross-Site Scripting) when an authenticated admin visits a third-party site.

Web Wiz Rich Text Editor(TM)

Input passed to the FolderName parameter in "RTE_file_browser.asp" is not properly sanitised before being used. This can be exploited to list directories, txt files and zip files through directory traversal attacks. Also, "RTE_file_browser.asp" does not check the user's session, so an unauthenticated attacker can perform this attack. Moreover, by using "RTE_popup_save_file.asp" an attacker can create his/her own HTML or HTM file on the server, which can be used in XSS attacks or to host fake pages.

Recent Exploits: