
Explore Vulnerabilities


Explore all Exploits:

Vulnerabilities in CMS Made Simple, version 1.11.9

CMS Made Simple, an open source content management system, allows for faster and easier management of website content. This CMS is scalable for small businesses to large corporations. The reported issues are XSS in the admin console, weak CSRF protection and a possible PHP object insertion via unserialize.

PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1

Reflected XSS can be exploited by sending a maliciously crafted URL to the vulnerable application. The malicious URL contains a script which is executed by the vulnerable application. Persistent XSS can be exploited by sending a maliciously crafted form to the vulnerable application. The malicious form contains a script which is stored by the vulnerable application and executed when the stored data is retrieved.

Vulnerabilities in Pimcore 1.4.9 to 2.1.0 (inclusive)

This vulnerability can be exploited by sending a base64-encoded payload as the 'token' parameter to the newsletter unsubscribe page of the target site. Payload [1] abuses several Zend classes to achieve remote code execution (based on Stefan Esser's technique in [2] and Egidio Romano's exploit code from [3]). Payload [4] abuses Zend_Http_Response_Stream to delete a file in /tmp/deleteme and works in all PHP versions.

WHM.AutoPilot Multiple Vulnerabilities

WHM AutoPilot is susceptible to several potentially very dangerous file include vulnerabilities. Most of these are caused by calling scripts directly and specifying certain variable values yourself. This can be used to include PHP scripts and possibly take control of the web server and more. A user does not have to be logged in to exploit this vulnerability, which makes it even more dangerous. There are also a significant number of cross-site scripting issues in WHM AutoPilot.

PsychoStats Cross Site Scripting

Cross-site scripting exists in Jason Morriss' PsychoStats. This vulnerability exists due to user-supplied input not being checked properly. Below is an example:

http://www.example.com/stats/login.php?login=%22%3E%3Ciframe%3E

This vulnerability could be used to steal cookie-based authentication credentials within the scope of the current domain, or render hostile code in a victim's browser.

LiveWorld Cross Site Scripting

GulfTech Security Research have discovered Cross Site Scripting issues that are believed to be present in multiple LiveWorld Inc products such as LiveForum, LiveQ&A, LiveChat and LiveFocusGroup. It is also a good possibility that this issue exists in other LiveWorld products as they "seem" to share some of the same code. If you believe this to be incorrect, or have proof of it being 100% accurate, then please let us know. These issues could allow an attacker to run code in the context of a victim's browser or temporarily deface a website that is running any of the affected applications.

Apache Scoreboard Invalid Free On Shutdown

A child process can trigger the bug by changing the value of ap_scoreboard_e sb_type, which resides in the global_score structure on the shared memory segment. The value is usually 2 (SB_SHARED). When changing the scoreboard type of a shared memory segment to something else, the root process will try to release the shared memory using free during normal shutdown. Since the memory was allocated using mmap, not malloc, the call to free from ap_cleanup_scoreboard (server/scoreboard.c) triggers abort within libc.

Recent Exploits: