StageTracker 2 is vulnerable to a local denial of service attack. An attacker can create a file with a large number of 'B' characters and open it in StageTracker. This will cause StageTracker to crash.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'db_driver' parameter to several scripts. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes.
The vulnerability exists due to failure in the "index.php?admin=static_pages_edit&pk=home" script to properly sanitize user-supplied input in "page_text" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. An attacker can use browser to exploit this vulnerability. The following PoC is available: <form action="http://host/index.php?admin=static_pages_edit&pk=home" method="post" name="main"><input type="hidden" name="pk" value="home"><input type="hidden" name="page_tittle" value="Home"><input type="hidden" name="page_text" value="<script>alert('XSS')</script>"><input type="submit" name="submit" value="Save"></form><script>document.main.submit();</script>
Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in "v1" and "name" variables. Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
The vulnerability exists due to failure in the 'admin/editAdmin.php' script to properly verify the source of HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. Attacker can use browser to exploit this vulnerability. The following PoC is available: <form action='http://host/admin/editAdmin/USER_ID' method='post' name='main'><input type='hidden' name='lv' value='3'><input type='hidden' name='+' value='on'></form><script>document.main.submit();</script>. User can execute arbitrary JavaScript code within the vulnerable application. The vulnerability exists due to failure in the 'admin/editGroup.php' script to properly sanitize user-supplied input in 'dsc' variable. Successful expoitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. Attacker can use browser to exploit this vulnerability. The following PoC is available: http://host/admin/editGroup.php?id=1&dsc=<script>alert(document.cookie)</script>
Exploit Buffer Overflow Enzip 3.00 is a vulnerability in Enzip 3.00 which allows an attacker to execute arbitrary code by creating a specially designed ZIP file. The attacker can then click the button to the right of the file name and select the option to open the program, which in this case is a MessageBox().
Multiple CSRF vulnerabilities were discovered in Openfire 3.6.4 Administrative Section. The vulnerable pages are user-create.jsp, user-password.jsp, user-delete.jsp, group-create.jsp, and group-edit.jsp. An attacker could exploit these vulnerabilities to perform malicious actions on behalf of the user.
An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious input in the 'blog' parameter. This can allow the attacker to include a file from the web server's file system, such as the web server's log files, which may contain sensitive information.
This exploit leverages a signedness error in the Phonet protocol. By specifying a negative protocol index, an attacker can craft a series of fake structures in userspace and cause the incrementing of an arbitrary kernel address, which can then be leveraged to execute arbitrary kernel code.
Services By CQR