The Text Chat Room Software of ProoChatRooms is vulnerable to stored XSS, reflected XSS and SQL injection. After registering an account, an attacker can upload a profile picture containing JavaScript code. The picture is uploaded under the directory '/profiles/uploads' and is accessible by force browsing to the 32-digit value. The parameter 'edit' is not encoded and can be used to inject malicious code. Across the web application's source code, parameterized queries are used to query the database. However, a lack of data sanitization of three parameters leaves the web application vulnerable to SQLi.
HybridAuth enables developers to easily build social applications to engage website visitors and customers on a social level by implementing social sign-in, social sharing, user profiles, friends lists, activity streams, status updates and more. I just found that the latest development version (2.2.2-dev) on GitHub was trying to patch this months ago. However, the sanitization is not sufficient to prevent PHP code injection. We can inject into the next value, which will never be sanitized with htmlentities() :/ Note that the default installation leaves 'install.php' untouched.
This exploit targets a kernel pool overflow vulnerability in Symantec Endpoint Protection 11.x and 12.x. It allows an attacker to gain arbitrary code execution in the context of the SYSTEM user. The vulnerability is triggered by sending a specially crafted IOCTL request to the vulnerable driver. The exploit uses a technique called "kernel pool spraying" to increase the chances of success.
Multiple web vulnerabilities have been discovered in the official FreeDisk v1.01 iOS mobile web-application. The vulnerabilities include local file include, local file path traversal, local file upload, local file delete, local file manipulation, and local file access. These vulnerabilities allow remote attackers to include, traverse, upload, delete, manipulate, and access local files from the mobile device to compromise the mobile web-application.
A directory traversal web vulnerability has been discovered in the official Bluefinger App Video WiFi Transfer/MP4 Conversion v1.01 iOS mobile application. The vulnerability allows remote attackers to traverse directories and read sensitive files from the mobile web-application. The vulnerability is located in the `file` value of the `/download` POST method request. Remote attackers are able to inject malicious path traversal strings to read sensitive files from the mobile web-application.
The domain name parameters of the 'Parental Control' and 'Access Control' features of the TP-Link TL-WR740N v4 (FW-Ver. 3.16.6 Build 130529 Rel.47286n) router are prone to arbitrary shell command execution as root for users who are authenticated against the web interface. Each shell payload is restricted to a maximum of 28 bytes. The 'Parental Control' feature allows you to specify 8 domains (= 8 commands) so you have 8 x 28 = 244 bytes of shell commands. This is sufficient to post-load and execute a shell script of arbitrary length from a tftp server. Employing this method, one can gain full control over the device when post-loading a mightier busybox MIPS binary and executing telnetd or using netcat to connect back. Default login credentials are known to be root:5up, Admin:5up or ap71:.
The vulnerability exists due to insufficient access restrictions when accessing the "/data.php" script. A remote attacker can send a specially crafted HTTP GET request to the vulnerable script and execute arbitrary UPDATE SQL commands in the application's database. Successful exploitation of the vulnerability allows modification of arbitrary database records. A remote attacker can modify or delete information stored in the database and gain complete control over the application.
A directory traversal web vulnerability has been discovered in the official BlueFinger Photo WiFi Transfer v1.01 iOS mobile application. The vulnerability allows remote attackers to bypass the path restriction of a service to access sensitive app, web-server or system files. The vulnerability is located in the `ftp` service of the application. Remote attackers are able to inject their own malicious FTP commands to access restricted files and directories of the application.
While logged in as admin user, add a shell user and set gid to ispconfig. Log in as that user and edit /usr/local/ispconfig/interface/lib/lang/en.lng with system($_GET['cmd']). Browse to http://server:8080/index.php?cmd=echo /tmp/script >>/usr/local/ispconfig/server/server.sh to create /tmp/script and put a command you wish to be executed as root. Browse to http://server:8080/index.php?cmd=chmod +x /usr/local/ispconfig/server/server.sh and http://server:8080/index.php?cmd=/usr/local/ispconfig/server/server.sh to execute the command as root.
Multiple persistent input validation vulnerabilities have been detected in the official TigerCom iFolder+ v1.2 iOS mobile application. The vulnerabilities allow remote attackers to inject malicious persistent script code into the application-side of the vulnerable service module. The vulnerabilities are located in the `name` and `password` values of the `login` module. Remote attackers are able to inject their own malicious persistent script code into the application-side of the vulnerable service module. The request method to inject is POST and the attack vector is located on the application-side.