The Metasploit 4.1.0 Web UI 'project[name]' parameter is prone to an XSS vulnerability. Log in to the Web UI -> Create New Project -> Project name -> '"</script><script>alert(document.cookie)</script>'
Pre Studio Business Cards Designer is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The mentioned product installs various drivers to allow the software to get information from ODBC data sources. Some of them are vulnerable to a remote stack-based buffer overflow, which can be triggered by specifying an overlong HOST attribute inside the connection string. The software tries to do a Unicode/ASCII conversion. In doing this, the stack is completely smashed, allowing the execution flow to be redirected to a user-supplied buffer.
This exploit is a proof of concept for a denial of service vulnerability in Opera versions 11.x and below. It is triggered by malicious JavaScript code that causes a stack overflow. The code creates a script element and appends it to the body of the page, which causes the stack overflow.
The vulnerability is in the data sent by the OCS agent. The inventory service and the admin panel do not check the data received. An attacker could inject malicious HTML/JS into the inventory information (e.g. the computer description field under WinXP). This data is printed in the admin panel, which can lead to a session hijack or whatever you want.
An attacker can exploit a SQL injection vulnerability in fims - File Management System <= 1.2.1a by sending a crafted request with malicious data to the application. This can allow the attacker to gain access to sensitive information stored in the database.
Blind SQL Injection and XSS can be done using the command input on vulnerable pages such as index.php, cart.php, includes/photoview.php and index2.php. Examples of the exploit are index.php?exhort=%2440-2+2*3-6&view=ar_det, cart.php/%22onmouseover=prompt(955787)%3E, includes/photoview.php/%22onmouseover=prompt(955787)%3E and index2.php/%22onmouseover=prompt(955787)%3E.
CMSmini 0.2.2 is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious file path in the 'name' parameter of the 'edit.php' script. This will allow the attacker to read any file on the server.
1024 CMS Version 1.1.0 beta is vulnerable to a Local File Inclusion vulnerability due to a lack of proper sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious filename parameter to the vulnerable application. This can allow an attacker to read sensitive files from the server, such as the boot.ini file.
If the variable "$a" has a true value, "$templatefile" is set to its default value. However, when the value of "$a" doesn't match the default values, the attacker can control "$templatefile" and use it for file disclosure. The attacker can use the URL http://domain.tld/[PATH]/cart.php?a=[wrong_value]&templatefile=[LFD]%00 to exploit this vulnerability.