The appRain CMF 4.0.5 allows remote attackers to execute arbitrary code via an authenticated user uploading a crafted file containing PHP code.
webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the information-disclosure issue to gain access to sensitive information that may lead to further attacks. An attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
ViArt Shop is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
This module exploits a file creation vulnerability in the WebKit rendering engine. It is possible to redirect the output of an XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then uploading a MOF file, which enables the Windows Management Instrumentation service to execute the VBS.
ViArt Shop 4.0.5 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability to change the admin password and add a new admin account without the knowledge of the admin. This vulnerability can be exploited by sending a malicious link to the admin or by embedding the malicious code in an iframe on a website that the admin visits.
@lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
BGA Team discovered one remote code execution vulnerability, two arbitrary file read vulnerabilities and one cross-site scripting vulnerability in the Mailspect Control Panel 4.0.5 web application.
Subrion CMS v4.0.5 uses an anti-CSRF token, carried in the '__st' parameter, when adding a post, but the check can be bypassed by entering the same number of characters in the CSRF token (e.g. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX). This means that if we craft a malicious HTML web page and trick the admin/victim into visiting it, a blog post will be created with a tag like this: '</title><script>alert(document.domain);</script>' and the XSS can then be executed here: http://localhost/[SubrionPATH]/tag/title-script-alert-document-domain-script/
Input passed via the "rnd" parameter to products_search.php is not properly sanitised before being used in a SQL query. Input passed via the "filter" parameter to products.php is not properly sanitised before being used in a SQL query. Input passed to the "search_category_id" and "category_id" parameters in ads.php is not properly sanitised before being returned to the user. Input passed to the "category_id" parameter in article.php and articles.php is not properly sanitised before being returned to the user. Input passed to the "rp" parameter in basket.php and product_details.php is not properly sanitised before being returned to the user. Input passed to the "postal_code" parameter in shipping_calculator.php is not properly sanitised before being returned to the user. Input passed to the "s_fds", "s_tit" and "s_cod" parameters in search.php is not properly sanitised before being returned to the user. Input passed to the "s_sds" parameter in ads_search.php is not properly sanitised before being returned to the user. In user_profile.php, the vulnerable parameter is "return_page".
This exploit is a 0day code execution exploit for Apple Safari 4.0.5. It targets a memory corruption vulnerability that can be exploited by using the parent.close() function. The exploit code contains a Windows Execute Command (calc) shellcode. It can be used both locally and remotely, provided that pop-ups are enabled [Ctrl+Shift+K]. The exploit code contains JavaScript that creates an array of 1000 elements, each containing a block of memory with the shellcode. It then uses the parent.close() function to trigger the memory corruption.