Explore Vulnerabilities

Explore all Exploits:

MeshCMS v3.5 remote code execution exploit

This CMS has a CSRF vulnerability in the add member/editor/admin function that is very clean for an attacker. The admin is not told that a user has been added and lands in the admin console without any other suspicion. Additionally, the user cannot simply be deleted: access to the filesystem is required to remove the private/[username].xml config file used for the user's authentication. The CMS also allows users to execute a command when they back up the website files to an arbitrary location on the server. This is simply a design flaw, and it does not matter whether you are a member, editor or admin: you can execute code.

ViArt CSRF

ViArt Shop 4.0.5 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability to change the admin password and add a new admin account without the knowledge of the admin. This vulnerability can be exploited by sending a malicious link to the admin or by embedding the malicious code in an iframe on a website that the admin visits.

Parameter Injection Bug in RealPlayer's RecordClip() ActiveX Function and Firefox Plugin

This exploit targets the parameter injection bug in RealPlayer's RecordClip() ActiveX function and Firefox plugin. It is possible to spoof the download of any file and make it look like a normal mp3 file is being downloaded. It is also possible to make it download to any location on the disk instead of the RealPlayer downloads folder. The extension on the server side must be that of a valid media file (i.e. .mp3), and a chimera file must be created that parses as both a valid mp3 file and a valid batch file. This can be done by taking a valid mp3 file and modifying it in a hex editor to have the batch commands in the first couple of bytes.

Objectivity/DB Lack of Authentication Remote Exploit

Objectivity/DB includes many different tools for administration. The problem is that anyone can use these tools to perform operations on the host running the lock server, the advanced multithreaded server, and probably its other servers as well, without any authentication. This design flaw puts the host running these servers at risk of unauthorized operations being performed on the system, locally or remotely.

BlackmoonFTP Server DOS

This exploit is a Denial of Service (DoS) attack against BlackmoonFTP Server version 3.1 Release 6 - Build 1735 and 1736. It sends a malicious buffer of 600 'A' characters to the server, which causes it to crash. The exploit is written in Python and can be run from the command line.

LifeType 1.2.10 HTTP Referer XSS

Failure to sanitize the HTTP Referer header in index.php results in a cross-site scripting attack against admins or any user able to view blog statistics. An attacker could use an intercepting proxy or manual requests to perform this attack. The referer is recorded in the database when visiting any section of index.php (albums, archives, etc.). A user with only the privilege to log in could perform this attack. The issue affects all browsers.

Recent Exploits: