
Explore Vulnerabilities


Explore all Exploits:

[waraxe-2012-SA#086] – Local File Inclusion in Invision Power Board 3.3.0

Unsanitized user-submitted data is used for file operations. The attacker must be logged in as a valid user, and PHP must be < 5.3.4 for null-byte attacks to work. Result: remote file disclosure and PHP remote code execution.

IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Overflow

This module exploits a buffer overflow vulnerability in the Isig.isigCtl.1 ActiveX control installed with IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. The vulnerability is in the 'RunAndUploadFile' method, where the 'OtherFields' parameter, containing user-controlled data, is used to build a 'Content-Disposition' header and attach contents in an insecure way, which allows a buffer on the stack to be overflowed.

PlumeCMS <= 1.2.4 Multiple Persistent XSS

PlumeCMS 1.2.4 (and below) is prone to multiple persistent XSS vulnerabilities due to improper input sanitization of multiple parameters. The 'u_email' and 'u_realname' parameters are not correctly sanitized before being passed to the server-side script 'manager/users.php' via the HTTP POST method. An attacker who is able to change his profile settings could insert malicious code into the 'Email' field within the 'Authors' template, creating a persistent XSS vulnerability for all users/admins who access Plume's management interface.

ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities

i) Input passed via the 'userid' and 'password' parameters in the '/upload/login.php' page is not properly verified before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL queries. ii) Input passed via the 'userid' and 'password' parameters in the '/upload/admin/login.php' page is not properly verified before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL queries. iii) Input passed via the 'cat' parameter in the 'upload/feed.php' page is not properly verified before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL queries. iv) Input passed via the 's' parameter in the 'upload/search.php' page is not properly verified before being used in an SQL query.

[waraxe-2012-SA#081] – Multiple Vulnerabilities in Coppermine 1.5.18

The Coppermine web picture gallery script version 1.5.18 is affected by multiple vulnerabilities. The first vulnerability is a stored cross-site scripting (XSS) in the picture keywords feature. This vulnerability allows an attacker with appropriate privileges to insert malicious code in the keywords field, which is later displayed in the HTML meta section, leading to XSS attacks. The second vulnerability is a path disclosure vulnerability in the "visible" feature of the software. This vulnerability allows an attacker to disclose sensitive information about the file structure of the server.

Pixelpost <= 1-5rc1-2 privilege escalation exploit

This exploit allows an attacker to escalate their privileges on a Pixelpost installation. The vulnerability exists in the index.php file near lines 670-680, where an SQL injection can be performed. By manipulating the 'category' parameter, an attacker can execute arbitrary SQL commands and potentially gain administrative access to the application.

TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow

The UltraMJCam ActiveX control in the TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long argument to the OpenFileDlg method, which triggers a stack-based buffer overflow.

Recent Exploits: