SQL Buddy is an open source web-based MySQL administration application that suffers from directory traversal: a user can move about directories and read any PHP and non-PHP files by appending the '#' hash character when requesting files via URLs. After the '#' character is added as a delimiter, any non-PHP file will be returned and rendered, because the delimiter subverts the .php concatenation used by sqlbuddy when requesting PHP pages via the POST method.
The CSRF vulnerability can be exploited by remote attackers without a privileged application user account and with low user interaction (click). The payload will add arbitrary users to the system.
eFront 3.6.15 is prone to a PHP Object Injection vulnerability due to the unsafe use of the unserialize() function. A potential attacker, authenticated as a Professor, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.
eFront 3.6.15 is prone to a critical path traversal vulnerability involving the view_file.php module, due to improper user-input sanitization and unsafe inner normalize() function logic. Any unprivileged attacker could exploit this vulnerability by manipulating an HTTP parameter value in order to climb the directory tree and access arbitrary files on the remote file system. This issue can lead to critical confidentiality violations, depending on the privileges assigned to the application server.
The new_sidebar.php module, which handles the left side bar in eFront 3.6.15 default theme, is affected by two SQL injection vulnerabilities due to lack of user input sanitization. The identified issues allow unprivileged users, such as professors and students (under certain conditions), to inject arbitrary SQL statements. An attacker could exploit the vulnerabilities by sending specially crafted requests to the web application. These issues can lead to data theft, data disruption, account violation and other impacts depending on the DBMS’s user privileges.
This exploit disables some features of the modem, forcing the administrator of the device to access the page and reconfigure the modem, which causes script execution in the browser of internal network users.
Pluck 4.7 is vulnerable to directory traversal. An attacker can exploit this vulnerability to access sensitive files outside the web root directory. This vulnerability is due to insufficient sanitization of user-supplied input to the 'image' parameter in '/data/modules/albums/albums_getimage.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with directory traversal sequences (e.g. '../../../../../../../Windows/system.ini') to the vulnerable script. Successful exploitation will allow an attacker to access sensitive files outside the web root directory.
i.FTP 2.21 is vulnerable to a SEH-based buffer overflow vulnerability. The vulnerability is triggered when a maliciously crafted Time field is sent to the application. This can be exploited to execute arbitrary code by overwriting the SEH handler with a malicious payload.
VideoCharge v3.16.4.06 is vulnerable to a buffer overflow vulnerability. An attacker can create a malicious XML file with a buffer of 1000 A's and crash the program. The program only allows ASCII printable characters and 5c (retn) is a bad character (no push[reg] ret, jmp[reg] or call[reg]).