On registration the XSS code will be stored in the database. When the administrator views the new sign-ups it will execute.
A vulnerability has been identified in the Glype web-based proxy. Glype has a filter to disallow users from surfing to local addresses, to prevents users from attacking the local server/network Glype is running on. The filter can easily be bypassed by using IPs in decimal form.
A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. This only affects servers that are configured to store Glype cookies locally, disable PHP display_errors, and allow the webserver process to write to the filesystem (document root).
This module exploits a flaw within the Device Manager (rrobtd.exe). When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary command injection. This module has been tested successfully on EMC AlphaStor 4.0 build 116 with Windows 2003 SP2 and Windows 2008 R2.
Joomla Mac Gallery suffers from Arbitrary File Download vulnerability. The 'album_id' variable is not sanitized, allowing an attacker to download arbitrary files from the server. The PoC exploit is http://localhost/index.php?option=com_macgallery&view=download&albumid=[../../filename].
Joomla Face Gallery 1.0 suffers from SQL injection and Arbitrary file download vulnerabilities. The 'aid' and 'img_name' variables are not sanitized, allowing an attacker to inject malicious SQL code or download arbitrary files from the server.
This exploit allows an attacker to download the database of an Onlineon E-Ticaret website. The exploit takes the URL of the website as an argument and downloads the database file from the server.
A buffer overflow vulnerability exists in the WS10 Data Server SCADA software, which could allow an attacker to execute arbitrary code on the target system. The vulnerability is due to insufficient boundary checks when handling user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted packet to the vulnerable application. This will cause a buffer overflow, allowing the attacker to execute arbitrary code on the target system.
This exploit discloses the ISP username and password of ZyXEL Prestig MODELO P-660HNU-T1v2 router. It uses the LWP::UserAgent and HTTP::Request Perl modules to send a GET request to the vulnerable file wzADSL.asp located at http://gateway/cgi-bin/wzADSL.asp. The exploit then parses the response content to extract the username and password.
LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
Services By CQR