The forms in the admin area of the plugin lack CSRF protection. This gives an attacker the capacity to add new forms, modify existing form settings, launch XSS attacks, export CSV files of the messages, delete forms, and perform SQL injection.
There are multiple second-order, error-based SQL injections into the ORDER BY clause in the admin area. The payload must first be HTML entity-encoded and then URL-encoded. An admin user can execute any function they want via this URL (there is no CSRF protection). For an admin, it is possible to view and edit any PHP or .inc file, not just the ones inside the theme directory.
The code in ./wp-swimteam/include/user/download.php doesn't sanitize user input, allowing the download of sensitive system files. An attacker can use a curl command to download the file from the server.
This module exploits a code execution flaw in Western Digital Arkeia version 11.0.12 and below. The vulnerability exists in the 'arkeiad' daemon listening on TCP port 617. Because the daemon performs insufficient authentication checks on clients, authentication can be bypassed. Using the ARKFS_EXEC_CMD operation it's possible to execute arbitrary commands with root or SYSTEM privileges. The daemon is installed on both the Arkeia server and all of the backup clients. The module has been successfully tested on Windows, Linux, OSX, FreeBSD and OpenBSD.
This module exploits a use-after-free in Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public in its July 2015 data leak, was described as a use-after-free while handling the opaqueBackground property setter of the flash.display.DisplayObject class. This module is an early release tested on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.203; Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194; Windows 7 SP1 (32-bit), IE9 and Adobe Flash 18.0.0.203; Windows 7 SP1 (32-bit), Firefox and Adobe Flash 18.0.0.194; Windows 8.1, Firefox and Adobe Flash 18.0.0.203; Windows 8.1, Firefox and Adobe Flash 18.0.0.160; and Windows 8.1, Firefox and Adobe Flash 18.0.0.194.
This module exploits VNC servers by sending virtual keyboard keys and executing a payload. On Windows systems a command prompt is opened and a PowerShell or CMDStager payload is typed and executed. On Unix/Linux systems an xterm terminal is opened and a payload is typed and executed.
This module exploits a metacharacter shell injection vulnerability in the Accellion File Transfer appliance. The vulnerability is triggered when a user-provided 'oauth_token' is passed into a system() call within a mod_perl handler. This module exploits the '/tws/getStatus' endpoint. Other vulnerable handlers include '/seos/find.api', '/seos/put.api', and '/seos/mput.api'. This issue was confirmed on version FTA_9_11_200, but may apply to previous versions as well. This issue was fixed in software update FTA_9_11_210.
The file parameter in the stream.php page has no validation or sanitization, allowing an attacker to perform a Local File Disclosure attack by adding '@@media' to the file name and base64-encoding it twice.
The Arabportal 3 registration section is vulnerable to an error-based SQL injection attack. The POST parameter 'showemail' is vulnerable to the attack. An example of the attack is 1' AND (SELECT 1212 FROM(SELECT COUNT(*),CONCAT(version(),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.tables GROUP BY x)a) AND 'ali-ahmady'='ali-ahmady
We can add arbitrary users to the system, delete arbitrary web server files and escalate privileges, as no CSRF token is present. Under the Users area in the admin panel we can easily gain admin privileges: again using the CSRF vulnerability, we submit the form with our own ID and change the request variable to type '1', granting us admin privileges. The following request parameters are all we need to delete files from the media or files directories under the web server's CMS area. We can steal the PHP session cookie via the XSS vulnerability. We can upload malicious files to the web server, as no file type restrictions are present.