This CMS has a weak anti-XSS filter that strips only some basic vectors. A logged-in user can inject persistent XSS by adding to an article text or comment: <img src="http://google.com" onerror="alert(document.cookie)" />. A user can gain admin rights if the admin opens a malicious page that contains, for instance: <img src="http://explay.localhost/admin.php?name=users&page=1&order=user_id&set_admin=2" />, or by simply inserting it into a comment or article text.
A remote SQL injection vulnerability was discovered in easyLink V1.1.0 (detail.php). An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, which contains malicious SQL statements in the 'act' and 'cat' parameters. This can allow the attacker to gain access to sensitive information from the database, such as user credentials.
A buffer overflow vulnerability exists in fhttpd 0.4.2 when handling 'Basic' Authorization. An attacker can send a specially crafted 'Basic' Authorization header with a large amount of data, which can cause a stack-based buffer overflow. This can allow an attacker to execute arbitrary code in the context of the application.
The Pluck 4.5.3 update.php script carries a dangerous vulnerability which allows an attacker to delete the files holding the language and theme preferences. The script fails to include the langpref.php script, and the 'langpref' variable is not initialized.
The NuMedia Soft NMS DVD Burning SDK Activex (NMSDVDX.dll) is vulnerable to a remote code execution vulnerability. An attacker can use the “EnableLog” method to overwrite a specified file and the “LogMessage” one to write new lines on it. Through the Help and Support Center and the pluggable “hcp://” protocol, the attacker can launch their file. The Help Center will host the page with elevated privileges, allowing the page to script arbitrary controls with no prompts presented to the user.
By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.
ProActive CMS is prone to a local file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files on the affected computer; this may aid in further attacks.
This exploit allows an attacker to inject malicious SQL queries into the vulnerable application. The vulnerable parameter is the 'id' parameter which is not properly sanitized before being used in a SQL query. By exploiting this vulnerability, an attacker can gain access to the application's database and potentially gain access to sensitive information.
The vulnerability exists in the $neturl variable in collect.php, which lacks sufficient checks. Once the attacker registers a new user, they pass the user check and can then submit any filename in $neturl, which collect.php will read.
A remote SQL injection vulnerability exists in ProArcadeScript v1.3. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information. This can be exploited to gain access to the database and execute arbitrary SQL commands.