This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145 and 14.0.0.125.
Multiple vulnerabilties exist in the GoAutodial 3.3 open source call centre software that will lead to a complete compromise of the underlying database and infrastructure. A simple 'OR '1'='1 in the password field with a username of 'admin' will log you in. (assuming the default administrator user has not been removed). You can also test this by performing the following GET request: https://<ip>/go_login/validate_credentials/admin/' OR '1'='1. This function returns a single entry from the db that contains user information including the username and password. Given that the first 'active' user in the db would most likely be the admin user you can search for active=Y. There is a column in the vicidial_users table that identifies whether a user is active (Y) or not active (N). Given this, you can perform the following to return an admin user's account username and password. https://<ip>/index.php/go_site/go_get_user_info/' or active='Y. This function returns a single entry from the db that contains user information including the username and password. Given that the first 'active' user in the db would most likely be the admin user you can search for active=Y. There is a column in the vicidial_users table that identifies whether a user is active (Y) or not active (N). Given this, you can perform the following to return an admin user's account username and password. https://<ip>/index.php/go_site/go_get_user_info/'<script>alert(1)</script>
It is possible to read the file on the local database due to incorrect coding and unconsciousness in it causing 'force-download.php' file.
ProFTPd 1.3.5 with mod_copy is vulnerable to a remote command execution vulnerability. An attacker can exploit this vulnerability by sending malicious FTP commands to the vulnerable server. This can be done by using the SITE CPFR and SITE CPTO commands to copy a malicious PHP payload to a web accessible directory and then execute it through HTTP.
The 'submit_nex_form' ajax function is affected from SQL Injection vulnerability. The 'nex_forms_Id' var is not sanitized.
An arbitrary code execution web vulnerability has been discovered in the official Linkus Photo Manager Pro v4.4.0 iOS mobile web-application. The vulnerability allows remote attackers to execute malicious script code to compromise the application or connected device. The vulnerability is located in the `file` value of the `/upload` POST method request. Remote attackers are able to inject own malicious script codes to the application-side of the vulnerable service.
A local file include web vulnerability has been discovered in the official USB Disk Free - File Manager & Transfer v1.0 iOS mobile application. The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path commands to compromise the mobile web-application.
A local file include web vuln. has been discovered in the official Linkus Photo Manager Pro v4.4.0 iOS mobile web-application. The vulnerability allows local attackers to inject malicious script codes to the application-side of the vulnerable service. The vulnerability is located in the `file` value of the `index.php` file. Local attackers are able to inject own malicious script codes to the application-side of the vulnerable service. The request method to inject is POST and the attack vector is local.
A local file include web vulnerability has been discovered in the official Mindspeak Software - Wifi Drive Pro v1.2 iOS mobile web-application. The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path commands to compromise the mobile web-application.
Services By CQR