Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
The URL parameter 'number' of /cgi-bin/koha/opac-tags_subject.pl is vulnerable to SQL injection. An attacker can read arbitrary data from the database. If the web server is misconfigured, read and write access to the filesystem may be possible.
High-Tech Bridge Security Research Lab discovered a critical vulnerability in Vesta Control Panel, which can be exploited to execute arbitrary system commands and gain complete access to the vulnerable system. The vulnerability exists due to insufficient filtering of user input passed via the 'backup' HTTP GET parameter to '/list/backup/index.php' before it is used in the PHP 'exec()' function. A remote authenticated attacker can inject arbitrary commands and execute them on the system with the privileges of the default Vesta Control Panel 'admin' account.
This module exploits a buffer overflow vulnerability related to the ShaderJob workings in Adobe Flash Player. The vulnerability occurs when applying a Shader with the same Bitmap object set as both the source and the destination of the ShaderJob. By modifying the 'width' attribute of the ShaderJob after starting the job, it is possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled. This module has been tested successfully on Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169; Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169; Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169; and Linux Mint 'Rebecca' (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.457.
This module exploits improper object handling in the win32k.sys kernel mode driver. This module has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2 SP1 x64.
This exploit allows an attacker to upload arbitrary files to the vulnerable Joomla Simple Image Upload component. The vulnerability is similar to the Com_Media vulnerability. The attacker can send a POST request with a malicious file to the vulnerable component and the file will be uploaded to the server.
An attacker can make a user with access privileges visit a page containing a malicious script and send parameters with injected JavaScript to the database.
GeniXCMS v0.0.3 is vulnerable to persistent and reflected XSS. Persistent XSS can be exploited by injecting malicious code into the content and title input fields. Reflected XSS can be exploited by sending a malicious URL containing a script to the victim. The script will be executed when the victim visits the URL.
The Nmedia WordPress Member Conversation plug-in for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
A buffer overflow vulnerability was discovered in Adobe Photoshop CC 2014 and Bridge CC 2014. The vulnerability is caused by a boundary error when processing user-supplied data. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted file. Successful exploitation may allow execution of arbitrary code.