A user with limited privileges could gain access to certain functionality that is available only to administrative users. For example, users with Guest privileges can see the subjects of the tickets, stats and other information related to tickets.
A filter bypass vulnerability has been discovered in the official Barracuda Networks Cloud Series Appliance Applications 2014-Q1. The filter bypass issue allows an attacker to bypass the secure filter validation of the service to execute malicious script code. The Barracuda filter blocks, for example, standard iframes, scripts and other invalid code context. The cloud service has its own exception handling to parse or encode maliciously injected web context. The mechanism filters the first request and sanitizes the output in every input field. During a pentest we injected a standard iframe to check and provoke the validation. The frame got blocked. In the next step the attacker splits (%20%20%20) the request and injects at the end an onload frame to an external malicious source. The second iframe with the onload alert executes the script code after the validation has encoded only the first script code tag. The sanitization of the input field does not filter the onload frame.
A remote SQL injection web vulnerability has been discovered in the official Mangallam Content Management System 2015-Q1. The SQL vulnerability allows an attacker to inject SQL commands to compromise the application and database management system. The SQL injection vulnerability is located in the `newsid` value of the vulnerable `news_view.php` application file. Remote attackers are able to inject their own SQL commands by manipulating the vulnerable `newsid` value in the `news_view.php` file.
Unauthenticated and authenticated users can enumerate users and domains on the system by sending a simple request to a URL.
The CreateReportTable.jsp page is prone to SQL injection via the site variable. A user with limited privileges could exploit this vulnerability to gain complete database/system access.
An attacker can crash the software by using .mobi and .prc files. Attackers can crash the software locally through user interaction with .mobi and .prc (ebook) files.
Cisco Ironport appliances are vulnerable to authenticated 'admin' privilege escalation. Enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, thereby bypassing all existing 'admin' account limitations. The vulnerability is due to a weak algorithm implementation in the password generation process which is used by Cisco to remotely access the appliance to provide technical support.
Exif Pilot SEH Based Buffer Overflow is a vulnerability in Exif Pilot version 4.7.2 which allows an attacker to execute arbitrary code by sending a specially crafted XML file. The vulnerability is caused by a buffer overflow in the application when processing a specially crafted XML file. The attacker can exploit this vulnerability by sending a specially crafted XML file to the application, which will cause the application to crash and execute arbitrary code.
A memory corruption vulnerability has been detected in Crystal Player 1.99. An attacker can crash the software by using an .mls file. Attackers can crash the software locally through user interaction with an .mls (playlist) file.
This plugin is vulnerable to SQL injection in the fetchUserinfo function of the /vbsso/avatar.php file. It requires a large UNION ALL SELECT query and commenting out the SQL LIMIT clause. If the SQL injection succeeds, the browser redirects the user to a URL that contains the extracted information.