There is an interesting vulnerability in the code of ajaxfilemanager/ajax_save_name.php. The vulnerability allows for the disclosure of the admin password.
This version of ASP Shopping Cart has a CSRF vulnerability that allows a file to be uploaded through FCKeditor. The vulnerability requires the admin's cookie and bypassing a specific file extension check implemented by FCKeditor v2.
This version of ASP Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
This version of Visinia has multiple vulnerabilities. The first is a CSRF in Remove Modules: an attacker who gets the admin to visit a malicious site can remove a module with a POST request to the server. The second is an LFI that allows downloading web.config or any file.
There is a SafeMod bypass vulnerability in PHP <= 5.2.9 on Windows. The issue arises from the implementation and interfacing between PHP and the operating system's directory structure. PHP does not differentiate between directory browsing in Linux and Windows, allowing an attacker to execute commands on the target machine even with SafeMod enabled (the safe_mode setting in php.ini).
There is an interesting vulnerability in the commenting system of the Telepark Wiki, where even guests can comment. The vulnerability is present in the /ajax/addComment.php file, where an attacker can upload a shell or execute remote commands. There are also local file inclusion and admin password disclosure vulnerabilities in the getjs.php, getcsslocal.php, and upload.php files. The vendor has patched all the vulnerabilities and the fixes can be seen in the “FIXED” section of the code.
This exploit uses a SQL injection vulnerability that exists in the DANA Portal ASP version. The exploit updates the admin password (SHA1 + Salt) with the word 'hacked'. This exploit is for educational purposes only.
The Douran Portal has a file download vulnerability caused by improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can allow an attacker to download any file from the web server, including sensitive files such as web.config, which can contain database credentials and other sensitive information.
Shockwave Player is a plug-in for loading Adobe Director video files into the browser. Director movies use the DIR format or its compressed form, DCR. The DIR file format is RIFF-based. RIFF formats start with a 4-byte RIFX identifier and the length of the file. The chunks that follow each consist of a 4-byte chunk identifier, the size of the chunk, and the data. Some of the chunk identifiers are tSAC, pami, rcsL. With the help of our simple fuzzer we manipulated a Director movie file and found a vulnerability in part of an existing rcsL chunk. The vulnerability is in the cmp eax, 0FFFFFFFFh instruction. If the value of eax is 0FFFFFFFFh, the cmp instruction will set the zero flag. If the zero flag is set, the jz instruction will jump to loc_681229C2.
This version of AtomatiCMS has an arbitrary file upload vulnerability through FCKeditor at these paths: http://Example.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html and http://Example.com/FCKeditor/editor/filemanager/upload/test.html. Uploaded files are placed in this path: .../UserFiles/