In ./simple-image-manipulator/controller/download.php no checks are made to authenticate user or sanitize input when determining file location. An attacker can use curl to send a request to the download.php file with a filepath parameter set to the location of a file they wish to download.
The code in download-file.php doesn't verify the user is logged in or sanitize what files can be downloaded. This vulnerability can be used to download sensitive system files.
The ./wptf-image-gallery/lib-mbox/ajax_load.php code doesn't sanitize user input or check that a user is authorized to download files. This allows an unauthenticated user to download sensitive system files.
The vulnerability exists due to insufficient filtration of user-supplied input passed via the 'ID' parameter to '/wds_news/article.php' script. A remote attacker can execute arbitrary SQL commands in application's database and gain access to sensitive data. An attacker can also upload a malicious file and execute it in the context of the webserver process.
This exploit is a proof of concept for a buffer overflow vulnerability in Havij Pro version 1.17. The exploit is triggered when a maliciously crafted file is opened in the application, causing it to crash. The exploit was tested and verified using version 1.6 Pro.
Netsparker 2.3.x is vulnerable to a remote code execution vulnerability due to an improper authentication mechanism. An attacker can exploit this vulnerability by sending a malicious link to the target, which when clicked, will execute arbitrary code on the target system. This exploit is based on the MS14-064 CVE2014-6332 vulnerability.
$_GET['vid'] is not escaped in the WordPress Video Gallery 2.7 plugin. The google_adsense() function is accessible for everyone, which allows attackers to inject arbitrary SQL commands. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can be done by sending a request to the admin-ajax.php file with the action parameter set to googleadsense and the vid parameter set to a malicious SQL statement.
This proof of concept exploits a buffer overflow vulnerability in the Kali Linux Brasero application. The vulnerability is triggered when a specially crafted M3U file is opened in the application, causing it to crash. The PoC code creates a file with 10000 A characters and then opens it in the Brasero application using 20 threads.
Performing @selector(addCertificatePreference:) from sender NSButton 0x608000148cf0 causes an EXC_BAD_ACCESS exception, which can crash the Keychain and affect the user's ability to use Keychain stored passwords.
A persistent Cross site scripting (XSS) in Job Manager Plugin has been discovered, the plugin's email field was not sanitized thus the vulnerability can be easily exploited and can be used to steal cookies,perform phishing attacks and other various attacks compromising the security of a user.
Services By CQR