High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Free Simple CMS, which can be exploited to perform cross-site scripting attacks. Input appended to the URL after index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected website. Input passed via the GET "db_themes_background_color_page" parameter to /themes/default/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected website. Input passed via the GET "include" parameter to index.php (when the GET "page" parameter is set to "login" and the GET "request" parameter is set to "forgot_password") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences.
AMHSHOP 3.7.0 is an Arabic shopping script that is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application, which can allow the attacker to gain access to sensitive information stored in the database.
A security vulnerability was found in the driver 'vmswitch.sys', associated with the Windows Hypervisor subsystem, allowing an authenticated local DoS. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. The impact is that all guests on that host become unresponsive. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. As a result, an attacker logged in with administrative privileges on a guest VM may cause the following: all applications in the virtual machines stop responding; the host kernel CPU usage rises to 100%; and the host machine is unable to reboot (it shows the close window but never actually performs the host reboot).
Conky 1.8.0 is vulnerable to a local DoS (proof-of-concept exploit). The exploit involves appending a malicious string to the conkyrc file, which causes Conky to crash when it is executed. The issue was discovered by Arturo D'Elia on 12 Dec 2010, and no fix is available.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The 3GP handling in the MP4Splitter.ax filter of the K-Lite Codec Pack causes an access violation when a specially crafted movie file is loaded in the media player. The same crash also occurs when the file is added to a playlist and the media player tries to generate a thumbnail image of its contents.
This exploit causes a remote crash in Opera 11.11. It works by creating a font element in an iframe with an id of 'bo0om' and setting its face attribute to 'h3h' after a 500 millisecond delay.
CubeCart 2.0.7 is vulnerable to XSS and remote SQL injection, allowing an attacker to gain access to sensitive information from a remote location.
A vulnerability in the Scriptegrator plugin for Joomla! 1.5 allows attackers to include arbitrary files from the local system. This is done by sending a specially crafted HTTP request, containing the file path, to the vulnerable server. The vulnerable code is located in the libraries/highslide/css/cssloader.php, libraries/highslide/js/jsloader.php, libraries/jquery/theme/cssloader.php, libraries/jquery/js/jsloader.php, and libraries/jquery/js/ui/jsloader.php files.
The vulnerability is triggered when a malicious user sends a crafted HTTP request whose Expect header contains malicious JavaScript code. The malicious code is reflected back in the response page and executed in the context of the vulnerable web application.