A local file include web vulnerability has been discovered in the official PhotoWIFI Lite or WIFI Photo and Files Transfer v1.0 iOS mobile web-application. A file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path commands to compromise the web-application or mobile device.
This exploit allows an attacker to upload a malicious file to a vulnerable PlexusCMS 0.5 installation. The attacker can then use XSS and social engineering techniques to get the victim to open a malicious URL, which will execute the malicious file.
AudioCoder-0.8.29 is vulnerable to a memory corruption vulnerability which can be exploited to execute arbitrary code. The vulnerability is due to a buffer overflow when handling specially crafted .m3u files. An attacker can exploit this vulnerability by sending a specially crafted .m3u file to the victim. This will cause a buffer overflow and overwrite the SEH chain, allowing the attacker to execute arbitrary code.
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
A local file include web vulnerability has been discovered in the official iStArtApp FileXChange v6.2 iOS mobile web-application. A file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path commands to compromise the web-application or mobile device.
Kunena is the leading Joomla forum component. Downloaded more than 3,750,000 times in nearly 6 years. Kunena is written in PHP. Users can post a Google Map using the following BBCode [map]content[/map]. Kunena creates a JavaScript based on input, but doesn't decode it correctly. Single quotes remain untouched in $content, so it's possible to break out of encapsulation. The PoC Exploit is [map]'}});}});alert('XSS');(function(){{(function(){{var v='[/map].
LinkEx is a open source web application for exchanging link, which most of the porn sites uses it. First, go to the website http://site.com/linkex/?page=admin and click on forgot password and enter the captcha. Then, go to site.com/linkex/data/config/config and note down the 'key' parameter. Finally, use the key at site.com/linkex/?page=resetpassword&key=[key] to reset the password.
Multiple persistent input validation vulnerabilities are detected in the Easytime Studio Easy File Manager v1.1 mobile web-application. The vulnerabilities are located in the `name` and `path` value of the `upload` and `create` module. Remote attackers are able to inject own malicious script codes to the application-side of the vulnerable module. The request method to inject is POST and the attack vector is located on the application-side. The security risk of the persistent input validation vulnerabilities are estimated as high with a cvss (common vulnerability scoring system) count of 7.9. Exploitation of the persistent input validation vulnerability requires a low privilege web-application user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected or connected module context.
A local file include web vulnerability has been discovered in the official Lazybone Studios WiFi Music v1.0 iOS mobile web-application. A file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path commands to compromise the web-application or mobile device.
A code execution web vulnerability has been discovered in the official Gummy Bear Studios FTP Drive + HTTP Server v1.0.4 iOS mobile web-application. The remote vulnerbaility allows an attacker to compromise the application and co-system to execute system specific commands. The vulnerability is located in the `/bin/sh` file of the application. Remote attackers are able to inject own malicious script codes to the vulnerable `/bin/sh` file to compromise the application and co-system.
Services By CQR