This bug was found using the portal without authentication. Exploiting the vulnerability requires only that version 1.0 of the HTTP protocol be used to interact with the application. It is possible to inject SQL code in the variable 'rate' on the page 'picture.php'.
The variable 'id' is not sanitized, allowing an attacker to inject malicious SQL code into the vulnerable application. Over 80,000 downloads of the software have been reported on the official website.
Register and log in to the system, then submit a new ticket. The 'URL (optional)' input is not secure. You can run XSS payloads; use a sample payload to test.
CorelDRAW is prone to an off-by-one memory corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious CDR file to execute arbitrary code and/or to cause denial-of-service conditions.
A parameter on the login page of the Subex ROC Fraud Management platform is vulnerable to time-based blind SQL injection. An unauthenticated malicious visitor is able to enumerate various information from the backend database, including usernames and password hashes (select ranger_user_name,hashed_password from ROCDB.PASSWORDS where rownum<2). The hashes can then be cracked and used to gain access to the application.
The plugin allows arbitrary commands to be executed by an authenticated user. The user requires administrative access rights to back up the database. User input supplied when specifying a custom file name is not sanitized, nor is the input to various other fields. All user-configurable variables are vulnerable; these variables need to be sanitized before being passed to the exec() function for execution.
This module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary JSP code upload to locations accessible later through the web service. Authentication is typically required; however, a 'hidden' user is available by default (and is not editable). This user, named 'Scheduler', can only log in to the console after any modification in the user database (a user is added, the admin password is changed, etc.). If the 'Scheduler' user isn't available, valid credentials must be supplied. The default Admin password is Admin.
PMP has a SQL injection vulnerability in its search function. A valid user account is required to exploit the injection; however, a low-privileged guest account is enough. The application uses different database backends by default depending on its version: versions < 6.8 use the MySQL backend and versions >= 6.8 use PostgreSQL. Single quotes are escaped with backslashes at the injection point, but this can be somewhat avoided by double escaping the slashes ('). In addition, injected strings are all modified to uppercase. These two unintended 'protections' make it difficult to exploit the injection to achieve remote code execution. However, the injection can be abused in creative ways, for example to escalate the current user privileges to 'Super Administrator', which has access to all the passwords in the system in unencrypted format.
POST /servlet/MigrateLEEData?fileName=../tomcat/webapps/warfile.war%00 <... WAR file payload ...> and POST /servlet/MigrateCentralData?operatiom=upload&fileName=../tomcat/webapps/warfile.war%00 <... WAR file payload ...>
An unauthenticated user can download log files from multiple Barracuda products. This vulnerability affects Barracuda products with firmware v6.1.4.008 (2014-02-18 08:06:34) and v7.0.1.006 (2013-12-12 14:51:33). The affected products are X300Vx and 610VX respectively. The exploit can be performed by accessing the URLs https://firewall.ptest.cudasvc.com/cgi-mod/logexport.cgi, https://webfilter.ptest.cudasvc.com/cgi-mod/spyware_log_data.cgi, https://webfilter.ptest.cudasvc.com/cgi-mod/audit_log_data.cgi and https://webfilter.ptest.cudasvc.com/cgi-mod/infection_log_data.cgi.