In some cases the client does not perform proper bounds checking on server responses. An overly long reply from the server causes a heap overflow and crashes the application. The USER, PASS, PASV, SYST, PWD and CDUP commands are all vulnerable, and other commands possibly are too.
Input passed via the 'article_id' GET parameter to the zero_view_article.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
eFront 3.6.14.4 is vulnerable to persistent cross-site scripting. The vulnerability affects the 'surname' parameter (Last Name field) when updating the account details.
Unauthenticated SQL injection in Madness Pro panel <= 1.14. The proof of concept retrieves a count of the bots, although the injection can be utilized for far more.
Unauthenticated persistent XSS in Madness Pro panel <= 1.14. Discovered and developed by bwall @botnet_hunter.
Four injection points were useful for creating a persistent cross-site scripting condition. All the injections are reached through the default Web Client interface, but the Web Client Lite does not appear to be vulnerable to these tests. The JavaScript is executed simply by viewing the calendar or when the Reminder pops up.
A local file include web vulnerability has been discovered in the official Bluetooth Photo/Video/Musik/Contact/File Share v2.1 iOS mobile application. The local file include web vulnerability allows remote attackers to include local files to compromise the mobile application or connected service.
A local file include web vulnerability has been discovered in the official AllReader v1.0 iOS mobile application by Wylsacom Waytt. The local file include web vulnerability allows remote attackers to make unauthorized local file/path include requests or inject system-specific path commands to compromise the mobile web application. The web vulnerability is located in the `filename` value of the `file upload` module. Remote attackers are able to inject their own malicious file requests to compromise the mobile application.
A local file include web vulnerability has been discovered in the official TigerCom My Assistant v1.1 iOS mobile web application. The vulnerability allows local attackers to inject malicious script code into the application side of the vulnerable service. The vulnerability is located in the `file` value of the `index.php` file. Local attackers are able to inject their own malicious script code into the application side of the vulnerable service. The request method for the injection is POST and the attack vector is local.
A local file include web vulnerability has been discovered in the official Privacy Pro v1.2 iOS mobile web application. The local file include web vulnerability allows remote attackers to include local files to compromise the web application or connected system. The vulnerability is located in the `file` value of the `index.php` file. Remote attackers are able to inject their own malicious files to compromise the web application or connected system.