Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript API, which allows an attacker to execute local files on the file system and bypass the security dialog.
This exploit allows an attacker to hijack user sessions in Citadel WebCit version 926. It works by sending a specially crafted HTTP request with a manipulated cookie value. By exploiting this vulnerability, an attacker can impersonate a legitimate user and gain unauthorized access to the system.
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
TDM Digital Signage Windows Player suffers from an elevation of privileges vulnerability that lets a simple authenticated user replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) set for the 'Authenticated Users' group.
The device can be shut down or rebooted by an unauthenticated attacker issuing one HTTP GET request.
The device suffers from an unauthenticated file disclosure vulnerability: input passed through the 'file' parameter in the tail.html and file.html scripts is not properly verified before being used to read web log files. This can be exploited to disclose contents of files from local resources.
This exploit targets the ccpm_0237.dll file in StreamAudio ChainCast ProxyManager. It overwrites the Structured Exception Handling (SEH) to gain control of the application. The exploit includes a shellcode that executes the 'calc.exe' command. The shellcode is limited to about 680 bytes. This exploit has been tested on Windows XP SP2 (fully patched) with English language and Internet Explorer 6. Credit goes to h.d.m. and the Metasploit crew for their contributions.
The Point of Sales 1.0 software is vulnerable to SQL Injection. By manipulating the 'id' parameter in the 'edit_category.php' page, an attacker can inject malicious SQL queries and retrieve sensitive information from the database. The vulnerability allows unauthorized access to the database.
A persistent cross-site scripting vulnerability exists within the 'Categories Name' parameter in the edit brand function. This example allows a logged-in user to inject JavaScript code as a persistent XSS attack that persists on any page where the Categories Name value is expected.