All POST-Parameters in the file 'socks5.php' are vulnerable to SQL Injection. Proof of Concept 1 gets the MySQL Version Information by sending a POST request with malicious parameters.
This exploit allows an attacker to anonymously download configuration files from Cisco phones. The attacker can then use the information gathered from the files to gain access to personal information and credentials from LDAP. The exploit is performed by using the first 8 digits of the MAC address and the last 4 digits are generated automatically. The attacker then downloads the files using the TFTP server and processes the SPDefault.cnf.xml file to gain access to the LDAP IP address, user ID, password, and base DN.
KikChat is vulnerable to both Local File Inclusion (LFI) and Remote Code Execution (RCE). The LFI vulnerability is present in the private.php file, which allows an attacker to read arbitrary files on the server. The RCE vulnerability is present in the get.php file, which allows an attacker to execute arbitrary commands on the server.
The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the official Photo Video Album Transfer v1.0 mobile app for apple iOS. The vulnerabilities include Local File/Path Include, Persistent Input Validation, Persistent SQL Injection, Persistent Cross Site Scripting, and Persistent Cross Site Request Forgery.
eFront v3.6.14 (build 18012) is vulnerable to stored XSS in multiple parameters. An attacker can inject malicious payloads into the Last Name, Lesson Name and Course Name fields. The payload used is '"><img src=x onerror=prompt(1);>'
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Its password can by default or by misconfiguration be set to an empty value. This allows you to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different. Therefore bypassing authentication on the admin web interface which then could lead to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.
This module exploits a directory traversal vulnerability on the version 11.52 of HP LoadRunner. The vulnerability exists on the EmulationAdmin web service, specifically in the copyFileToServer method, allowing to upload arbitrary files. This module has been tested successfully on HP LoadRunner 11.52 over Windows 2003 SP2.
IcoFX is prone to a (client side) security vulnerability when processing .ICO files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of IcoFX to open a specially crafted icon file.
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the SharkFood Air Gallery 1.0 Air Photo Browser mobile application for Apple iOS. A local command/path injection web vulnerabilities has been discovered in the SharkFood Air Gallery 1.0 Air Photo Browser mobile application for Apple iOS. A local command inject vulnerability allows attackers to inject local commands via vulnerable system values to compromise the apple mobile iOS application. The vulnerability is located in the vulnerable `devicename` vlaue of the `/airgallery/index.html` file. Remote attackers are able to inject local commands via the vulnerable `devicename` value to compromise the application. A persistent input validation web vulnerability has been discovered in the SharkFood Air Gallery 1.0 Air Photo Browser mobile application for Apple iOS. The persistent input validation vulnerability allows remote attackers to implement/inject malicious script code on the application-side (persistent) of the vulnerable service. The vulnerability is located in the `devicename` value of the `/airgallery/index.html` file. Remote attackers are able to inject own malicious persistent script codes to compromise the application.
The file include vulnerability allows remote attackers to include (upload) local file or path requests to compromise the application or service. The persistent input validation vulnerability allows remote attackers to inject own malicious script codes to the application-side of the service.
Services By CQR