DirPHP - version 1.0 is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to gain access to sensitive files on the server.
The vulnerability allows unauthenticated users to remotely restart and reset the router. To reset the router without any authentication, open the following URL in the browser's URL bar: http://ROUTER-ipaddress/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale
ZeroCMS is a very simple Content Management System built using PHP and MySQL. The application does not validate any input to the 'Full Name', 'Email Address', 'Password' or 'Confirm Password' fields. It saves this unsanitized input in the backend database and executes it when the subsequent page or any logged-in page is visited.
A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process.
A persistent XSS vulnerability was found in Zenoss Core. When a malicious host is created with the Title <script>alert("Xss")</script>, any user browsing to the relevant manufacturers page will get a client-side script executed immediately.
A heap overflow vulnerability exists in Make 3.81, which allows an attacker to dereference a pointer by overflowing the heap buffer. This can be exploited to execute arbitrary code by supplying a malicious input to the program. The vulnerability is present in the 32-bit version of the program, and can be triggered by supplying a large input to the program.
A buffer overflow vulnerability exists in BulletProof FTP Client 2010, which could allow an attacker to execute arbitrary code on the target system. The vulnerability is due to a boundary error when handling user-supplied input. An attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable application. Successful exploitation could result in arbitrary code execution in the context of the application.
WordPress Video Gallery 2.5 suffers from SQL injection and Cross-Site Scripting vulnerabilities. SQL Injection 1 (Authentication NOT Required): Open the browser and connect to the URL http://VICTIM/wp-content/plugins/contus-video-gallery/myextractXML.php, copy a video_id number (ex. video_id="1"), and use sqlmap -u "http://VICTIM/wp-admin/admin-ajax.php?action=myextractXML&vid=1" -p vid. SQL Injection 2 (Authentication Required): Use sqlmap --cookie="INSER_WORDPRESS_COOKIE_HERE" -u "http://VICTIM/wp-admin/admin.php?page=newplaylist&playlistId=1" -p playlistId and sqlmap --cookie="INSER_WORDPRESS_COOKIE_HERE" -u "http://VICTIM/wp-admin/admin.php?page=newvideo&videoId=1" -p videoId. Reflected XSS (Authentication NOT Required): Open the browser and connect to the URL http://VICTIM/wp-content/plugins/contus-video-gallery/hdflvplayer/hdplayer.swf, append the following code to the URL: ?baserefW=javascript:alert(document.cookie), and the XSS will be triggered.
Omeka suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in the '/admin/items/add' script through the 'file[0]' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the '/files/original' directory after successfully disabling the file validation option (or adding something like 'application/x-php' to the allowed MIME types list) and bypassing the rewrite rule in the '.htaccess' file with a '.php5' extension.
An attacker is able to extract sensitive information such as the password from the Basic Settings router page because it is stored in plaintext.