Explore Vulnerabilities

Explore all Exploits:

Codiad 2.4.3 – Cross Site Scripting – Local File Inclusion Vulnerabilities

Codiad is a web-based IDE framework with a small footprint and minimal requirements. An attacker can exploit a Cross Site Scripting vulnerability in the 'dialog.php' script by injecting malicious JavaScript code in the 'short_name' parameter. Additionally, an attacker can exploit a Local File Inclusion vulnerability in the 'download.php' script by accessing the 'path' parameter to download private files from the server.

GQ File Manager – SQL Injection – Cross Site Scripting Vulnerabilities

GQ File Manager is a lightweight file manager that enables files to be uploaded to and downloaded from a server directory. GQ File Manager is great for creating and maintaining a simple cloud-based repository of files that can be accessed from anywhere on the Internet. For Cross Site Scripting, an attacker can create a new file with malicious code, and for SQL Injection, an attacker can inject malicious code in the path of the file.

Piwigo 2.7.2 – SQL Injection / Cross Site Scripting Vulnerabilities

Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures. The Cross Site Scripting vulnerability can be exploited by entering malicious code in the group list box. The SQL Injection vulnerability can be exploited by entering malicious code in the control panel of admin and other users.

miniBB 3.1 Blind SQL Injection

preg_match() only checks that $_GET['code'] contains at least one letter or digit (the ^ and $ anchors are missing inside the regexp).

File: bb_func_unsub.php

    $usrid=(isset($_GET['usrid'])?$_GET['usrid']+0:0);
    $allowUnsub=FALSE;
    $chkCode=FALSE;

    if(isset($_GET['code']) and preg_match("#[a-zA-Z0-9]+#", $_GET['code'])){
        //trying to unsubscribe directly from email
        $chkField='email_code';
        $chkVal=$_GET['code'];
        $userCondition=TRUE;
        $chkCode=TRUE;
    }
    else{
        //manual unsubsribe
        $chkField='user_id';
        $chkVal=$user_id;
        $userCondition=($usrid==$user_id);
    }

    if ($topic!=0 and $usrid>0 and $userCondition and $ids=db_simpleSelect(0, $Ts, 'id, user_id', 'topic_id', '=', $topic, '', '', $chkField, '=', $chkVal))

Cacti – Superlinks Plugin 1.4-2 RCE(LFI) via SQL Injection

This exploit is a second-order LFI through SQLi, so first we must write some data to disk. Luckily the application logs all sorts of stuff, so let's poison the application log. The reasons for this are manifold, read on. This is the vulnerable line, as the contentfile variable is not sanitized and is directly used in the include statement. So by poisoning the logfile with our malicious code, we can now use the logfile to execute our code.

CIK Telecom VoIP router SVG6000RW Privilege Escalation and Command Execution

CIK Telecom VoIP router SVG6000RW has a Privilege Escalation vulnerability that can lead to Command Execution. Log in as a normal user with the default username 'User' and password 'cikvoip', change the URL to http://URL/adm/system_command.asp, and you can now run commands.

Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6

The CMS Papoo Light Version has a persistent XSS vulnerability in its guestbook functionality and in its user-registration functionality. Papoo Light CMS v6 provides the functionality to post comments on a guestbook via the following URL: http://{target-url}/guestbook.php?menuid=6. The input field with the id "author" is vulnerable to XSS, which gets stored in the database and makes the vulnerability persistent. People can register themselves on Papoo Light v6 CMS at http://{target-url}/account.php?menuid=2. Instead of using a proper username, an attacker can inject HTML and/or JavaScript code in the username input field.

Tuleap PHP Unserialize Code Execution

This module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() call exists in the 'src/www/project/register.php' file. The exploit abuses the destructor method from the Jabbex class in order to reach a call_user_func_array() call in the Jabber class and call the fetchPostActions() method from the Transition_PostAction_FieldFactory class to execute PHP code through an eval() call. In order to work, the target must have the 'sys_create_project_in_one_step' option disabled.

Recent Exploits: