The Membris v 2.0.1 application is vulnerable to SQL injection, XSS, and file disclosure. The SQL injection can be exploited through the 'voir-actualites.php' page by manipulating the 'idn' parameter. The XSS can be exploited through the 'search.php' page by manipulating the 'req' parameter. The file disclosure can be exploited through the 'admin/actions-plugin.php' page by manipulating the 'acces' parameter.
The vulnerabilities allow an attacker to perform a reflected cross-site scripting (XSS) attack and a cross-site request forgery (CSRF) attack. The XSS vulnerability can be exploited by injecting malicious code through the 'nsextt' parameter in the 'index.php' page. The CSRF vulnerability can be exploited by submitting a crafted form to the 'content.php?screen=resellers/edit_reseller' endpoint. Both vulnerabilities allow the attacker to execute arbitrary code or perform unauthorized actions on behalf of the victim.
High-Tech Bridge SA Security Research Lab has discovered 2 buffer overflow vulnerabilities in Wireless Manager Sony VAIO, which can be exploited to execute arbitrary code on a vulnerable system.
This module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.
A blind SQL injection vulnerability exists in the 2.4.5 core of Jaow. The vulnerable page is add_ons.php, where the add_ons variable is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by injecting malicious SQL code into the add_ons parameter. This can lead to unauthorized access to the database.
GUESTEX guestbook is vulnerable to remote code execution in how it handles its 'email' parameter. The script does not properly sanitize the 'email' parameter, which is used when opening a pipe to sendmail.
Exploit for educational purposes only. SuperNews is a Brazilian news system written in PHP and MySQL. Versions prior to 2.6 have a simple SQL injection in the news view. The developer tried to fix the bug by removing keywords like "union" and "select", but with recursion it is possible to bypass these filters. There is another SQL injection in the administration panel: when deleting a post, you can inject SQL to delete all news in the database. Another vulnerability, also in the administration panel, allows files to be deleted: when deleting a post, a variable called "unlink" tells the system which news image to delete, but it is possible to delete other files by typing the full file path or using "../".
This vulnerability allows an attacker to inject malicious scripts into the first name or last name field on the Edit account page. When a user visits the attacker's page, the injected script will execute.
The vulnerability lies in the COM component used by the product SkinCrafter from DMSoft Technologies. This COM component, SkinCrafter3_vs2005.dll, implements a function InitLicenKeys whose parameter is not bounds-checked, leading to an overflow condition.
Making an HTTP request to any file in the /cgi-bin/ directory with a .cfg extension will return all the device configuration.