A local file include web vulnerability has been discovered in the official wireless photo transfer mobile v3.0 iOS application. The file include vulnerability allows remote attackers to include local file/path requests or system-specific path commands without authorization to compromise the mobile web application. The web vulnerability is located in the `album-title` value of the `file upload` module. Remote attackers are able to inject their own files with malicious `filename` values in the `file upload` POST method request to compromise the mobile web application. The local file/path include execution occurs in the index file directory listing and subfolders of the Wi-Fi interface.
cattaDoc version 2.21 is affected by a remote file disclosure vulnerability. The exploit allows an attacker to disclose files from the server through the 'download2.php' script. By manipulating the 'fn1' parameter in the URL, an attacker can traverse the directory structure and access sensitive files such as the '/etc/passwd' file.
This exploit allows remote code execution on MyBulletinBoard (MyBB) version 1.2.3 and below. It takes advantage of a SQL vulnerability that allows injection of malicious code. By exploiting this vulnerability, an attacker can upload a backdoor file and potentially gain full control over the target system.
The Skysa App Bar Plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The Lanoba Social Plugin for WordPress is vulnerable to a cross-site scripting (XSS) vulnerability due to improper input sanitization. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a user visiting the affected site, potentially leading to the theft of authentication credentials and other attacks.
CWB PRO version 1.5 has a vulnerability in the INCLUDE_PATH parameter of the cls_headline_prod.php, cls_listorders.php, and cls_viewpastorders.php scripts, which allows remote attackers to include arbitrary files from a remote server.
This module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function and gain control under the context of the HTTP service. For Symantec Web Gateway 5.1.1, the vulnerability can be exploited by any kind of user. However, for version 5.2.1, you must be an administrator.
Local attackers can exploit this issue to execute arbitrary code with root privileges and completely compromise the affected computer.
The vulnerability allows an attacker to inject and execute arbitrary code on a vBulletin server. The attack involves registering on the vBulletin website, posting a message in the visitor message section, and manipulating the message data to include the malicious code. The code is executed when the message is viewed by another user. The vulnerability was discovered by Dariush Nasirpour (Net.Edit0r) in 2015.
The EvoLve theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.