This application is vulnerable to SQL injection. The exploit allows an attacker to bypass authentication by injecting a SQL payload.
The Faulty Evaluation System 1.0 is vulnerable to stored cross-site scripting (XSS) attacks. The 'Student' functionality is specifically vulnerable, allowing malicious script injection in the 'Firstname', 'Lastname', and 'Middle Name' input fields. The exploit payload used is an XSS link that triggers an alert displaying the user's cookies. When a user visits the vulnerable page, the stored script is executed.
This exploit allows an authenticated user to upload any file to the server, including malicious files that can be used for remote code execution.
This application is vulnerable to stored XSS. The vulnerability is present in the 'address' parameter of the 'change_params.php' script. An attacker can inject malicious JavaScript code into the address field, which will be executed when a user interacts with the page.
The 'ATService' service in AnyTXT Searcher version 1.2.394 is installed with an unquoted service path, which could allow an attacker to escalate privileges and execute arbitrary code.
The Epson USB Display 1.6.0.0 software has an unquoted service path vulnerability. An attacker with local access and low privileges could exploit this vulnerability to gain elevated privileges and execute arbitrary code.
The POST parameter 'data[search][text_like]' in the Supsystic Data Tables Generator plugin does not sanitize user input, leading to a SQL injection vulnerability. The plugin is also vulnerable to stored XSS attacks.
The "Folder" tab under "Publications" is vulnerable to path traversal and exposes information not stored on the web server. The user can gain information regarding images stored in, for example, home directories. The vulnerable code is in the utils.php file, which uses readdir(). Enter the payload ../../../../../../../../home/erik into the "Folder" input field. However, if the web server attempts to open a folder without read access, the function will run in an infinite loop. For example, with the payload ../../../../../../../../root the web server will execute the code in an infinite loop and store massive amounts of data in the error.log file until the hard drive is full. The import Folder feature no longer works after an attempt to open directories without read permission using path traversal techniques. Apache error.log file output: [Fri Jul 24 20:45:43.739704 2020] [:error] [pid 3516] [client 192.168.0.51:47892] PHP Warning: readdir() expects parameter 1 to be resource, boolean given in /var/www/wordpress/wp-content/plugins/digital-publications-by-supsystic/classes/utils.php on line 137, referer: http://192.168.0.49/wp-admin/term.php?taxonomy=dp
This is a 32-bit re-creation of CVE-2020-0674, a vulnerability in the legacy JavaScript engine (jscript.dll) in Windows. The engine was used in historic versions of Internet Explorer, but its loading and use can still be coerced (and thus exploited) in all versions of IE up to 11.
The YetiShare File Hosting Script 5.1.0 has a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability allows an attacker to make requests from the server to other internal or external resources. It occurs when user input is not properly validated before being used in an HTTP request.