Siena CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Every registered user can update every WordPress options using basic_settings() function. Login as standard user (created using wp-login.php?action=register) then submit a form with a hidden input containing a value of 'administrator' for the 'default_role' parameter. After that create new user using wp-login.php?action=register. Newly created user will have admin privileges.
An attacker can exploit this vulnerability by creating a malicious report and injecting a JSP payload into the SOAP request. The payload will be executed on the server side.
Every registered user (even Subscriber) can access upload functionality because of read role used inside UploadHandler.php. A proof of concept is provided which involves packing .php files into a .zip archive and sending it using a form. The files will be visible inside a specified directory.
jetAudio 8.1.3 Basic is vulnerable to a use-after-free vulnerability when opening a specially crafted mp4 file. This can lead to a crash of the application.
This module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.
The 'Web Site' input field at the Profile section of Social Microblogging PRO 1.5 is not secure and can be used to run XSS payloads. Sample payload: http://example.com/">[xssPayload]
Pre-auth command injection using an exposed Apache Felix, exposed by default on all Liferay Portal 7.0 installs.
Custom message with non-printable characters will crash any WhatsApp client < v2.11.476 for android. It uses Yowsup library, that provides us with the options of registration, reading/sending messages, and even engaging in an interactive conversation over WhatsApp protocol.
Easy File Sharing Webserver version 6.8 is vulnerable to a persistent XSS attack. An attacker can inject malicious JavaScript code into the username field when registering, which will be executed when the user logs in.
Services By CQR