Cross-site scripting (XSS) is possible in the username field, with `<script>alert("poc")</script>`, etc. The SQLi vulnerability in the GET (`log`) parameter can be exploited via site.com/s2kdir/admin/options/logs.php?log=[sqli].
Sphider Search Engine versions before 1.3.6, 3.2 for sphider-pro, and 3.2 for sphider-plus, had an authentication bypass vulnerability in auth.php, which was fixed by adding an exit();. Additionally, all versions of Sphider have an SQL injection vulnerability, and all versions of Sphider/Pro/Plus have a Remote Code Execution vulnerability.
To exploit the unauthenticated request to change wireless settings, an attacker needs to craft a specific POST request. Passwords are stored in plaintext on the device, which can be verified by going to the administration page. The cookie value generated is nothing more than the uptime of the AP.
SkaDate Lite suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in the '/admin/settings/user' script through the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with a '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in the '/ow_userfiles/plugins/base/avatars/' directory.
SkaDate Lite version 2.0 suffers from multiple cross-site request forgery and stored XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed to several POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
It was observed that the D-Link DWR-113 wireless router is vulnerable to a denial of service attack via a CSRF (Cross-Site Request Forgery) vulnerability. An attacker could craft a malicious CSRF exploit to change the password in the password functionality when the user (admin) is logged in to the application, as the user interface (admin panel) lacks a CSRF token or nonce to prevent an attacker from changing the password. As a result, as soon as the crafted malicious exploit is executed, the router is rebooted and the user cannot log in, forcing a physical reset of the router and leading to a denial of service condition.
The local file include web vulnerability allows remote attackers to include local file/path requests or system-specific path commands without authorization to compromise the mobile web-application. The web vulnerability is located in the `filename` value of the `upload` (submit file) module. Remote attackers are able to inject their own files with malicious `filename` values in the `upload` POST method request to compromise the mobile web-application.
Oxwall suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in the '/admin/settings/user' script through the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with a '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in the '/ow_userfiles/plugins/base/avatars/' directory.
Oxwall version 1.7.0 suffers from multiple cross-site request forgery and stored XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed to several POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
A Cross-site Request Forgery (CSRF) vulnerability exists in UniFi Controller, mFi Controller, and AirVision Controller versions prior to v2.4.6, v2.0.15, and v2.1.3 respectively. An attacker can exploit this vulnerability to add an admin user to the controller without authentication. The attacker can then use the newly created admin user to gain access to the controller.