Explore Vulnerabilities

Explore all Exploits:

CubeCart 5.2.8 Session Fixation

CubeCart 5.2.8 is vulnerable to session fixation. The only protection offered is a check of the User-Agent header field, which can be spoofed to match the victim's. When the victim logs in, the attacker can visit the same link (using the same User-Agent) and hijack the victim's session. The PHPSESSID parameter is not ignored, which allows an attacker to specify their own session ID. The code handling login procedures does not generate a new session upon successful authentication.

Sendy 1.1.9.1 – SQL Injection Vulnerability

Sendy 1.1.9.1 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'c' parameter of the 'send-to' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable application.

Apple Mac OS X Lion Kernel <= xnu-1699.32.7 except xnu-1699.24.8 NFS Mount Privilege Escalation Exploit

This exploit leverages a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result, by passing a large size, a local user can overwrite the stack with arbitrary content.

Cross-Site Request Forgery (CSRF) in XCloner Standalone

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and change the administrator's password or execute arbitrary system commands on the vulnerable system with the privileges of the webserver.

QuickCms 5.4 Multiple Vulnerabilities

The Reflected XSS vulnerability exists in the Admin Area of QuickCms 5.4. The vulnerable code is present in the /quickcms/templates/admin/pages-form.php file. The CSRF vulnerability exists due to the lack of a Referer header check in the /quickcms/admin.php file. This can be bypassed using information from a website.

csUpload Script Site Authentication Bypass

The vulnerability exists in the CSUpload script, which is a file uploader script. It allows an attacker to bypass authentication and gain access to the database, allowing them to upload files or shells. The vulnerability is present in the CSUpload.cgi script, which can be accessed by appending ?command=login to the URL.

OpenSSL TLS Heartbeat Extension – Memory Disclosure – Multiple SSL/TLS versions

This exploit is used to test for the SSL heartbeat vulnerability (CVE-2014-0160) by sending a malformed heartbeat request to the server. A vulnerable server returns more data than it should.

Fritz!Box Webcm Unauthenticated Command Injection

Different Fritz!Box devices are vulnerable to an unauthenticated OS command injection. This module was tested on a Fritz!Box 7270 from the LAN side. The vendor reported the following devices as vulnerable: 7570, 7490, 7390, 7360, 7340, 7330, 7272, 7270, 7170 Annex A A/CH, 7170 Annex B English, 7170 Annex A English, 7140, 7113, 6840 LTE, 6810 LTE, 6360 Cable, 6320 Cable, 5124, 5113, 3390, 3370, 3272, 3270.

CVE-2014-0160

Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed may be exploited regardless of whether the parties have enabled or even support TLS. It results from a missing bounds check in the handling of the TLS heartbeat extension, which in turn leads to a buffer over-read. This allows attackers to read up to 64kB of memory from the server.

Bluetooth Text Chat v1.0 iOS – Code Execution Vulnerability

The vulnerability allows remote attackers to execute their own malicious system-specific code to compromise the iOS mobile application. The vulnerability is located in the message body input and affects the Bluetooth message listing. Remote attackers are able to inject their own system-specific code into the Bluetooth message listing to compromise the mobile application.

Recent Exploits: