If the application is configured using the default directory structure and an access database then a user can download the access database. By modifying the Form_member_id and p_Form_member_id variables to the ID of the admin account (default ID is 7) on the MyInfo.aspx page in the POST data you can reset the admin password with the password you entered into the appropriate feed to gain full admin rights to the web application.
Vivvo CMS is an intuitive content management system atop a powerful programming framework, empowering numerous industry leading online newspapers, magazines, journals, TV and radio stations. The vulnerability exists in the compress.php file, which allows an attacker to include arbitrary files from the server. An attacker can exploit this vulnerability by sending a crafted request to the server with the malicious file name as a parameter. This will allow the attacker to execute arbitrary code on the server.
Exploit : http://localhost/user.php?id=1'[sqli] Error: Invalid query: SELECT `key`,`value` FROM `bd_user_data` WHERE `user_id`='1'' Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1
The $key parameter passed to fof_multi_sort() function isn't properly sanitized before being used in a call to "create_function()" at line 1095 or 1099. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires authentication.
An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application. The application will then return the content of the requested file, which can be used to gain access to sensitive information.
This module exploits a stack buffer overflow in ScriptFTP 3.3 ftp client. The overflow is triggered when the client connects to a FTP server which sends an overly long directory and filename in response to a GETLIST command. This will cause an access violation, and will eventually overwrite the saved extended instruction pointer.
This exploit is related to CVE-2011-0182 and is a proof of concept code. It is written in C language and is compiled using gcc. It is used to set the LDT (Local Descriptor Table) and can cause a kernel panic. It is tested on Hackintosh for AMD.
When using the import/export feature for csv/project/quickbooks files under http://localhost/TimeLive/AccountAdmin/AccountImportExport.aspx, You are able to modify the file download URL you are redirected too and traverse directories to download the hosted files including the TimeLive database. Successful exploitation could allow an attacker to download the complete database of users information including email addresses, usernames and passwords and associated timesheet and expense data along with any files contained within the subfolder of wwwroot.
A SQL injection vulnerability exists in the redmind Online-Shop / E-Commerce-System, which allows an attacker to execute arbitrary SQL commands via the 'prodID' parameter in the 'product.php' script.
Omnidocs application does not validate 'FolderRights' parameter. This parameter could be modified to '111111111' to get full access including rights to add documents, add folders, delete folders and place orders. Omnidocs application does not validate 'UserIndex' parameter. 'UserIndex' parameter is used to access the personal setting page. This parameter can be changed to other valid numbers thereby gaining access to view or change other user's personal settings.
Services By CQR