Explore Vulnerabilities

Explore all Exploits:

Telefonica O2 Connection Manager 3.4 Local Privilege Escalation Vulnerability

O2 Connection Manager suffers from an elevation of privileges vulnerability that allows an unprivileged user to replace the executable files with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Everyone' group, making the entire directory 'O2 Connection Manager' and its files and sub-directories world-writable.

RBS Change Complet Open Source multiple CSRF vulnerabilities POST and GET

RBS Change Complet Open Source CMS contains multiple CSRF vulnerabilities which allow an attacker to trick a regular logged-in user into executing basket-related commands such as adding a product to the basket, setting a new shipping address, setting the delivery mode, confirming the basket and, in some cases, confirming payment (tested with payment by check).

Croogo 2.0.0 Multiple Stored XSS Vulnerabilities

Croogo version 2.0.0 suffers from multiple stored cross-site scripting vulnerabilities. Input passed to several POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Croogo 2.0.0 Arbitrary PHP Code Execution Exploit

Croogo suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in the '/admin/file_manager/attachments/add' script through the 'data[Attachment][file]' POST parameter and in the '/admin/file_manager/file_manager/upload' script through the 'data[FileManager][file]' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the '/webroot/uploads/' directory.

PayPal Inc BB #85 MB iOS 4.6 – Auth Bypass Vulnerability

A vulnerability in PayPal Inc BB #85 MB iOS 4.6 allows an attacker to bypass authentication and gain access to the system. The vulnerability exists due to insufficient validation of user input when authenticating. An attacker can exploit this vulnerability to gain access to the system without authentication.

Nessus Web UI 2.3.3: Stored XSS

By setting up a malicious web server that returns a specially crafted host header, an attacker is able to execute JavaScript code on the machine of the person performing a vulnerability scan of the web server. No escaping of JavaScript code is performed when the server header is passed to the affected Web UI version via a plugin. The JavaScript code will be stored in the backend database, and will execute every time the target views a report that returns the server header.

DrayTek VigorACS SI (<= 1.3.0)

We found that most of the VigorACS SI deployments are using the default HTTP authentication settings (acs/password). This is not so much a software vulnerability as a configuration issue. The UploadDownloadServlet can be used to (read and) write files to the server directly. In addition, this functionality is accessible without having to provide the HTTP authentication details. The regular expression that is used to prevent this is not sufficient: it removes occurrences of '../' (without the quotes). By providing input like '....//', the middle '../' will be removed, while the remainder equals '../'. We could now use the FileServlet to access any file on the server. The UploadFileServlet will append '.cfg' to the given filename, which means files uploaded via this mechanism aren't directly of use to an attacker. However, when the payload is a ZIP archive, the vulnerability in 2.5 (Local unzip functionality) can be used to unpack an otherwise benign file into a full-blown JSP shell.

Rejetto HttpFileServer Remote Command Execution

Rejetto HttpFileServer (HFS) is vulnerable to a remote command execution attack due to a poor regex in the file ParserLib.pas. This module exploits the HFS scripting commands by using '%00' to bypass the filtering. This module has been tested successfully on HFS 2.3b over Windows XP SP3, Windows 7 SP1 and Windows 8.

WordPress InfusionSoft Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution.

Recent Exploits: