HMS released a free tool named 'Anybus IPconfig' which can be used to scan a network where the devices are connected. The components of this application are a simple MFC based GUI and a dll (hicp.dll). The tool sends a broadcast UDP packet containing the string 'Module Scan' to the HICP port (3250). Once the device receives that packet it broadcasts a reply, which contains its current configuration, to the network omitting the source IP.
A SQL injection vulnerability was discovered in EEGshop 1.2. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'shhr_inc.asp' script. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable script and execute arbitrary code on the underlying database.
Oracle E-Business Suite is prone to multiple authentication-bypass and HTML-injection vulnerabilities. Attackers could exploit these issues to steal cookie-based authentication credentials, perform unauthorized actions, or bypass certain security restrictions. Other attacks are also possible. Some of these vulnerabilities may be documented in BID 33177 (Oracle January 2009 Critical Patch Update Multiple Vulnerabilities). Reportedly, the HTML-injection and some authentication-bypass vulnerabilities were addressed in the Oracle January 2009 Critical Patch Update.
The email value is not properly sanitised when an INSERT query is used and this is the cause of the Blind SQL Injection.
TenderSystem 0.9.5 Beta is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to include local files on the server. This can be exploited by sending a specially crafted HTTP request with directory traversal sequences and a null byte (%00) to the vulnerable application. This can be used to read sensitive files from the server.
mini Hosting Panel script suffers from XSRF vulnerability that enables us to change admins info such as id, password, email...
A CSRF vulnerability exists in Text Exchange Pro, which allows an attacker to create an administrator account with full privileges. An attacker can craft a malicious HTML page containing a form with hidden fields that when submitted, will create an administrator account with full privileges. The form can be submitted without the user's knowledge or consent.
Ez Poll Hoster is vulnerable to multiple XSS and XSRF vulnerabilities. In the user panel, an attacker can inject malicious JavaScript code in the 'pid' parameter of the 'index.php' page. Additionally, an attacker can delete a poll by providing the poll name in the 'pid' parameter of the 'delete_poll' page. In the admin panel, an attacker can inject malicious JavaScript code in the 'uid' parameter of the 'profile.php' page. An attacker can also delete a user by providing the user name in the 'uid' parameter of the 'manage' page. Furthermore, an attacker can send an email to all users by accessing the 'email' page.
Admin password is saved locally in pwd.txt file with some simple encoding. List of subscribed emails is saved locally in subscribe.txt file with base64 encoding. Each line holds info about 1 subscriber.
With this exploit we can remotely change admins password.