Monthly Archive: April 2022

The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting Date published...

The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...

The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting Date published :...

It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc....

In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest users (disabled by default) can be abused using a...

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. Date published : 2022-04-25 https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/

It is possible to obtain the first administrator’s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc....

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. Date published : 2022-04-25 https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. Date published : 2022-04-25 https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed...

There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. Date published : 2022-04-25 http://seclists.org/fulldisclosure/2022/Apr/39

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the...

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an...

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1....