A vulnerability in the Wordpress plugin Simple Ads Manager allows an attacker to upload arbitrary files to the server. This is due to the lack of proper validation of the uploaded file in the 'sam-ajax-admin.php' file from line 303 to 314. This can be exploited to upload malicious files and execute arbitrary code on the server.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'sam-ajax.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass certain security restrictions, access, modify and delete data in the database, and compromise the application and the underlying system.
WordPress WP Easy Slideshow Plugin is vulnerable to Cross-Site Request Forgery (CSRF) and Arbitrary File Upload. An attacker can exploit this vulnerability to delete images and upload malicious files on the vulnerable system.
A vulnerability exists in the Wordpress SimpleCart Theme, which allows an attacker to upload and execute malicious files on the target system. The vulnerability is due to the lack of proper input validation in the upload.php file. An attacker can exploit this vulnerability by sending a malicious file to the upload.php file and then executing it on the target system. This vulnerability affects versions 2.1.2 and earlier of the SimpleCart Theme. Other themes such as Micro Theme 1.0.3, Holding Pattern Theme 1.3, Gallery Pro Theme 2.5.3, Evo Theme 1.3, and Charity Theme 1.1.3 are also affected.
This exploit allows an attacker to upload malicious files to the vulnerable Wordpress Video Gallery Plugin. The attacker can craft a malicious HTML page with a malicious file and send it to the victim. When the victim visits the malicious page, the malicious file will be uploaded to the vulnerable plugin. This exploit affects version 2.8 of the plugin and has been tested on Windows and Linux.
An interesting remote code execution vector can be found through the attack payload below: http://x.x.x.x/progs/fwaccess/add/1|command. The web application functionality is based on multiple bash scripts contained in the /usr/wui/progs folder. The application is using CGI so that the scripts can handle HTTP requests. We notice that if the result of the command on line 285 is not positive (check on 286), then seterrmsg function is called. On line 318 we see a danerous command injection.
A stack buffer overflow vulnerability exists in WebGate eDVR Manager 2.6.4 when handling the SiteChannel property. An attacker can exploit this vulnerability by supplying a specially crafted argument to the SiteChannel property. This can result in arbitrary code execution in the context of the application.
A stack buffer overflow vulnerability exists in WebGate eDVR Manager 2.6.4 when the AudioOnlySiteChannel Property is called with an overly long argument. This can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.
A stack-based buffer overflow vulnerability exists in the ChangePassword function of WESP SDK (package version 1.2). The vulnerability is caused by improper bounds checking of user-supplied data, which can result in the execution of arbitrary code. An attacker can exploit this vulnerability by supplying a specially crafted argument to the ChangePassword function. This can allow the attacker to execute arbitrary code in the context of the application.
joomla component 'Spider Random Article' is not filtering data in catID and Itemid parameters and hence affected by SQL injection vulnerability. The vulnerability is due to catID and Itemid parameter. Error based double query injection can be used with catID parameter and xpath injection can be used with Itemid parameter.
Services By CQR