When WPML processes an HTTP POST request containing the parameter "action=wp-link-ajax", the current language is determined by parsing the HTTP Referer header. The parsed language code is neither checked for validity nor SQL-escaped. The user does not need to be logged in. By sending a carefully crafted Referer value with the mentioned POST request parameter, an attacker can perform SQL queries on arbitrary tables and retrieve their results. In addition to the standard WordPress database and tables, the attacker may query all other databases and tables accessible to the web backend. WPML contains a "menu sync" function which helps site administrators keep WordPress menus consistent across different languages. This functionality lacked any access control, allowing anyone to delete practically all content of the website - posts, pages, and menus. The "menu sync" function also contained a cross-site scripting vulnerability. By sending a carefully crafted POST request, an attacker can inject arbitrary JavaScript code into the page.
WordPress SEO by Yoast is a popular WordPress plugin (wordpress-seo) used to improve the Search Engine Optimization (SEO) of WordPress sites. The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. The plugin has more than one million downloads according to WordPress. The authenticated Blind SQL Injection vulnerability can be found within the 'admin/class-bulk-editor-list-table.php' file. The 'orderby' and 'order' GET parameters are not sufficiently sanitised before being used within a SQL query. The following GET request will cause the SQL query to execute and sleep for 10 seconds if clicked on as an authenticated admin, editor or author user.
This module exploits a vulnerability in the iPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force the service to load a DLL from an SMB share.
A vulnerability in the iqvw32.sys and iqvw64e.sys drivers has been discovered in the Intel Network Adapter Driver. The vulnerability exists due to insufficient input buffer validation when the driver processes IOCTL codes 0x80862013, 0x8086200B, 0x8086200F and 0x80862007 using METHOD_NEITHER, and due to insecure permissions granting everyone read and write access to privileged-use-only functionality. Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space.
The application suffers from an unquoted search path issue impacting the service 'FoxitCloudUpdateService' for Windows, deployed as part of Foxit Reader. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to place their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
A buffer overflow vulnerability exists in the Brasero 3.4.1 CD/DVD burner for the GNOME desktop. An attacker can exploit this vulnerability by creating a malicious .m3u file containing a buffer of over 26109 'A' characters followed by 4 'C' characters and 10500 'D' characters. When the malicious file is opened with the Brasero CD/DVD burner, it leads to a crash which results in the user being logged out of their current session.
A vulnerability in Smart PHP Poll allows an attacker to bypass authentication by entering 'admin' or '1=1' as the username and any value as the password. This vulnerability is due to the application not properly validating user input.
A SQL injection vulnerability exists in Joomla Simple Photo Gallery component version 1, which allows an attacker to execute arbitrary SQL commands via the 'albumid' parameter in an 'index.php?option=com_simplephotogallery&view=images' request.
A vulnerability in Joomla Simple Photo Gallery allows an attacker to upload arbitrary files to the server. This is due to the lack of proper input validation in the uploadFile.php file, which allows an attacker to upload a malicious file to the server by setting the 'jpath' parameter to ../../../../ and submitting a file in the 'uploadfile' parameter. This can be exploited to execute arbitrary PHP code on the server.
Pie Register 2.x suffers from a Local File Disclosure vulnerability. The vulnerability is caused by the use of user-supplied input without proper validation. This can be exploited to disclose sensitive information by including arbitrary files from local resources via a specially crafted request.