The vulnerability exists due to improper validation of user-supplied input in the 'friend_user_name', 'friend_full_name' and 'friend_user_mail' parameters of the 'submit_mod_data.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary HTML and script code in the browser of the unsuspecting user in the context of the vulnerable website. An attacker can also leverage CSRF to perform certain actions with the privileges of the targeted user, if the user has an active session and is induced to click a malicious link.
An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component.
The Vulnerability Laboratory Research Team discovered a critical validation and filter bypass vulnerability in the official Mozilla Thunderbird 17.0.6 email software.
This vulnerability allows an attacker to reset the password of a user in AMS WebMail. The attacker can exploit this vulnerability by setting up a malicious web page with a JavaScript file that will send a request to the AMS WebMail server. The request will contain the user's email address and a reset password token. The attacker can then use the token to reset the user's password. The vulnerability is caused by the lack of proper input validation in the AMS WebMail server.
MP3info is prone to a Stack-Based Buffer Overflow vulnerability. An attacker can exploit this vulnerability by supplying a maliciously crafted input to the vulnerable application. This exploit is for educational purposes and wastes CPU clocks on unusable exploits.
The SkyBlueCanvas Lightweight CMS application contains a remote command injection vulnerability within the form on the Contact page. A remote unauthenticated user can exploit this vulnerability to force the webserver to execute commands in the context of the vulnerable application. It is possible to exploit this vulnerability because the POST parameters "name", "email", "subject", and "message" are not properly sanitized when submitted to the index.php?pid=4 page. Arbitrary commands can be executed by injecting the following payload into a vulnerable parameter: A"; <command>. Because the page does not display the results of the injected command (blind injection), testing must be done using a ping, nc, or similar command.
Cyberoam Threat Research Labs discovered a hidden option and access control vulnerability in the Ammyy Admin tool which allows an attacker to use "Ammyy Admin" as a trojan horse to access a computer without the victim's knowledge. The hidden "-nogui" option, combined with the "client ID" being stored at a fixed memory location, could be exploited by an attacker to use "Ammyy Admin" as a trojan horse.
This module exploits a directory traversal vulnerability in the Hewlett-Packard Data Protector product. The vulnerability exists at the Backup Client Service (OmniInet.exe) when parsing packets with opcode 42. This module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows XP SP3.
As the Guest user (the lowest privilege), a user can post the cmdWebGetConfiguration parameter to cgi-bin/tsaws.cgi. This will return the usernames and password hashes (in DES format) for all users of the application. Once dumped, they can be cracked and used to access authenticated portions of the application. The three primary users on the TS550 are roleGuest, roleUser, and roleAdmin. Another user exists with additional access named roleDiag. This user can access extra portions of the application such as the command line interface, enable and disable SSH, and access the file system. The credentials for this user are hardcoded and cannot be changed.
The Data parameter of the MW6DataMatrix Class is subject to a buffer overflow, which could lead to arbitrary code execution. To trigger the overflow, a string larger than 10000 characters must be entered. The !exploitable windbg plugin classifies the vulnerability as EXPLOITABLE.