The CAPTCHA function for Kemana Directory is prone to a security bypass vulnerability in the CAPTCHA authentication routine. The function 'qvc_init()' in '/includes/function.php' sets a cookie with a SHA1-based hash value in the response header, which can be replaced with a random computed SHA1 hash value using a cookie poisoning attack. Successful exploitation allows attackers to bypass the CAPTCHA-based authentication challenge and perform brute-force attacks.
Kemana suffers from an authenticated local file inclusion (LFI) vulnerability: input passed through the 'run' parameter to task.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks.
Kemana Directory suffers from an authenticated arbitrary code execution vulnerability. It is caused by improper verification of uploaded files in several modules through several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the '/public/image' directory.
Kemana contains a flaw that is due to the 'kemana_admin_passwd' cookie storing user password SHA1 hashes. This may allow a remote MitM attacker to more easily gain access to password information.
Cart Engine's Backup DB tool stores database backups with a predictable file name inside the '/admin/backup' directory, as 'Full Backup YYYYMMDD.sql' or 'Full Backup YYYYMMDD.gz', which can be exploited to disclose sensitive information by downloading the file. The '/admin/backup' directory is also exposed to directory listing by default.
Cart Engine suffers from an authenticated local file inclusion (LFI) vulnerability: input passed through the 'run' parameter to task.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks.
Cart Engine suffers from an authenticated arbitrary code execution vulnerability. It is caused by improper verification of uploaded files in several modules through several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the '/public/image' directory.
In the administrative interface, users can change their personal settings. The parameters 'name' and 'permalink' do not properly sanitize their input and allow malicious code to be stored in the XML file.
GOM Video Converter 1.1.0.60 is affected by a memory corruption vulnerability. An attacker can exploit this vulnerability by crafting a malicious .wav file and sending it to the victim. When the victim opens the malicious file, the application will crash due to the memory corruption.
GOMMP 2.2.56.5183 is affected by a memory corruption vulnerability. An attacker can craft a malicious .wav file and send it to the victim, which will cause the application to crash when the file is opened.