Due to improper sanitization, InfoStation.cgi is prone to a SQL injection vulnerability in its "username" and "password" fields, which could allow an attacker to take over the server database. The vulnerability can be exploited by manipulating the aforementioned parameters as described in the following example: http://www.example.com/web_reports/cgi-bin/InfoStation.cgi?mod=login&func=process&database=1&lang_code=en&report_group=Adm&filter=aaa&username=[SQLI]&password=[SQLI] Currently, the username/password fields on the InfoStation login page are vulnerable to SQL injection through modification of the URL.
ntopng is the next-generation version of the original ntop, a network traffic probe and monitor that shows network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to injection of script code via forged HTTP Host: request header lines in monitored network traffic. HTTP Host request header lines are extracted using the nDPI traffic classification library and used without sanitization in several places in the frontend, e.g. the Host overview and the specific subpages for each monitored host. The injected code might be used to execute JavaScript and to perform management actions with the user rights of the current ntopng user, which can be used to disable the monitoring function or delete accounts, making the monitoring system unusable.
This module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as the user in Linux. This module exploits both PostgreSQL (newer builds) and MySQL (older or upgraded builds). MySQL targets are more reliable due to the use of relative paths; with PostgreSQL you should find the web root path via other means and specify it with WEB_ROOT.
The UI does not check whether a request originates from a page it delivered before or from an untrusted and potentially malicious source. With a CSRF attack a malicious third party is able to change any configurable item remotely if an administrator is logged in to the user interface and visits a malicious website or clicks a manipulated link under the control of the attacker. The lack of a logout mechanism and the use of the digest authentication scheme increase the probability of successful exploitation, because the user session never expires automatically.
PHP Stock Management System 1.02 is vulnerable to multiple persistent cross-site scripting vulnerabilities. The vulnerability affects the 'sname' (Store Name field), 'address' (Address field), 'place' (Place field), 'city' (City field), 'pin' (Pin field), 'website' (Website field) and 'email' (Email field) parameters when the store details are updated in 'update_details.php'; the injected payload is then rendered when the details are viewed in 'view_report.php'.
RaidenTunes is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
This module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite the application configuration file rendering the application unusable.
Cross-site scripting can be exploited by filling the Forum Name, Website Name, and Website URL fields with malicious code during the installation wizard. SQL injection can be exploited by searching for malicious code keywords in the Inbox, Show Thread, Search, Help Documents, and Forum Display pages.
This exploit targets a buffer overflow vulnerability in BlazeDVD Pro v7.0. It allows an attacker to execute arbitrary code by overflowing a buffer in the program. The exploit is triggered when a specially crafted .plf file is opened and uses a SEH overwrite to gain control of the program.
This module takes advantage of the addition of authorized SSH keys in the gitlab-shell functionality of GitLab. Versions of gitlab-shell prior to 1.7.4 used the provided SSH key directly in a system call, resulting in a command injection vulnerability. As this relies on adding an SSH key to an account, valid credentials are required to exploit this vulnerability.