A user with limited privileges could gain access to certain functionality that is available only to administrative users. For example, users with Guest privileges could delete the backup database from their account.
The administrative interface of OpenX Ad Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which remote attackers can exploit to force a logged-in administrator to perform malicious actions on the OpenX Ad Server by enticing the authenticated user to visit a malicious web page. An attacker can modify application data.
MusicBox versions 3.7 and prior are vulnerable to SQL injection and Cross Site Scripting attacks. An attacker can exploit these vulnerabilities by sending malicious SQL queries or malicious JavaScript code to the vulnerable application.
When a read request with a long file name is made, the CPU will spike and within about 20 seconds the TFTP service will crash.
A vulnerability in Safari's SVG DOM processing allows an attacker to execute arbitrary code on a vulnerable system. The vulnerability is caused by an error in the handling of SVG elements, which can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.
A buffer overflow vulnerability exists in Download Accelerator Plus (DAP) 9.7. An attacker can exploit this vulnerability by creating a malicious M3U file and convincing the user to open it. This will cause a buffer overflow and allow the attacker to execute arbitrary code on the target system.
A vulnerability exists in Simple Page Option (mod_spo) 1.5.x, which allows an attacker to include arbitrary files from the local system. This is due to the lack of proper sanitization of user-supplied input in the 'spo_site_lang' parameter of the 'email_sender.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with directory traversal sequences (e.g. '../../../../../../../../../../etc/passwd%00') to the vulnerable script.
The readRegVal() method allows dumping specific values from the Windows registry. From the typelib, this control asks you to specify a root key. In my experience, lots of applications store encrypted or even clear text passwords inside the registry, so an attacker can abuse this to gain certain credentials from the victim's browser. This sample code extracts BIOS information and redirects to a specified URL with this info passed as parameters. Through some more programming effort, you could dump a bigger portion of the registry.
Joomla Component JE Story Submit is prone to a local file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files on the affected computer; other attacks are also possible.
vBulletin 4.x.x => 4.1.3 suffers from an SQL injection vulnerability in the parameter "&messagegroupid" due to improper input validation. Post data on: search.php?search_type=1, Keywords: Valid Group Message, Search Type: Group Messages, Search in Group: Valid Group Id &messagegroupid[0]=3 ) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#