If the [sound] tag is allowed, an attacker can inject malicious JavaScript code in the form of [sound]http://url_to_valid_mp3_or_m3u_file.m3u"; onLoad="alert(document.cookie)[/sound]. Similarly, an attacker can inject malicious JavaScript code in the form of http://localhost/forum/pop_send_to_friend.asp?url=</textarea><img src="http://exploit.company/wp-content/uploads/2023/09/logo.gif"; onLoad="alert(document.cookie)">, where the space is important: the attribute must be written as onLoad<space>="alert(document.cookie)".
Geeklog has several options for uploading images. The image upload process does not validate the MIME type of the upload: Geeklog trusts the MIME type reported by the browser and also checks the file extension, both of which are very easy to spoof. Files with a .jpg extension can be uploaded, but these files can contain anything, including JavaScript or PHP code. Using Firefox, any file with a .jpg extension will be accepted, since Firefox sets the MIME type based on the file extension. Uploading usually requires that you first create a user account. Once an account is created, you can upload a user photo, which is where this vulnerability can be exploited. Potential abuse: executable JavaScript can easily be uploaded. There are several XSS holes in many of the Geeklog plugins that could run the uploaded JavaScript. If a simple cookie-stealing script were uploaded, it could be used to expose the Geeklog uid and password hash, which is as good as having the actual password.
The album parameter in the tftgallery application is vulnerable to Cross-Site Scripting (XSS) and Directory Traversal attacks. An attacker can inject malicious JavaScript code into the album parameter, which will be executed in the user's browser. An attacker can also use the album parameter to traverse the directory structure of the application, potentially gaining access to sensitive files.
A denial of service vulnerability exists in Home FTP Server: the application stops serving when multiple malformed 'SITE INDEX' commands are sent to the server.
Xion Audio Player is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
The vulnerability exists in /wt3/summary.php?select=: if an attacker appends ' to the end of the URL, SQL code can be injected.
This exploit allows an attacker to inject malicious SQL commands into a vulnerable web application. It is possible to exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords.
This code should be run in a loop. Due to problems with mutex handling in ptrace, a DoS can occur when the OS X kernel attempts to interlock a destroyed mutex, giving rise to a race condition. The code has been tested against 10.5.6, 10.5.7 and 10.6.1.
This is a PoC based on the PoC release by Earl Chew (updated by Brian Peters). It uses a race condition to exploit a vulnerability in the Linux kernel's 'pipe.c' file. The exploit runs a loop that continuously checks for an active PID, and then uses the 'echo n > /proc/[pid]/fd/1' command to trigger the fault and run the exploit.
Blender embeds a Python interpreter to extend its functionality. By design, Blender .blend project files can be modified to execute arbitrary commands without user intervention. An attacker can take full control of the machine where Blender is installed by sending a specially crafted .blend file and enticing the user to open it.