Multiple persistent input validation web vulnerabilities has been discovered in the WireShare v1.9.1 for apple iOS. A persistent input validation web vulnerability allows remote attackers to inject own malicious script codes on the application-side (persistent) of the affected application web-server. The vulnerability is located in the add `New Folder` input field. Th remote attacker is able to inject own malicious script codes to the application-side of the vulnerable service. The request method to inject is POST and the attack vector is persistent on the application-side.
When creating a new download package you need to enter a title, description and the file(s) that you want to be available for download. The title input field is not sanitized and therefor vulnerable to persistent cross site scripting. The payload used is <input onmouseover=prompt(document.cookie)>
This script exploits a Local File Inclusion in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz which allows us to see localconfig.xml that contains LDAP root credentials wich allow us to make requests in /service/admin/soap API with the stolen LDAP credentials to create user with administration privlegies and gain acces to the Administration Console.
A vulnerability exists in the Wordpress page-flip-image-gallery plugin which allows an attacker to upload a malicious file to the server. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the upload.php file. This will allow the attacker to upload a malicious file to the server, which can be used to execute arbitrary code.
BoxBilling suffers from a stored cross-site scripting vulnerability. Input passed to the 'message' POST parameter thru the 'Notification Center' extension/module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
A vulnerability in the WordPress DZS Video Gallery (dzs-videogallery) 3.1.3 plugin allows an attacker to remotely and locally disclose files with a .swf extension. This is done by sending a crafted request to the preview.php file, which is located in the deploy/designer/ directory. The request contains a parameter called swfloc, which can be set to a URL pointing to a .swf file or a relative path to a .swf file located on the server.
This exploit allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted HTTP request to the vulnerable server. The exploit uses the view_list.php page to inject a malicious command into the system, which is then executed by the vulnerable system.
A local command/path injection web vulnerability has been discovered in the Wireless Transfer App v3.7 for apple iOS. The vulnerability allows to inject local commands via vulnerable iphone/ipad application. The vulnerability is located in the `file` value of the `/upload` POST method request. Remote attackers are able to inject own malicious commands to compromise the vulnerable application.
Steinberg MyMp3PRO v5.0 is vulnerable to a buffer overflow vulnerability. The vulnerability is caused due to a boundary error when handling specially crafted .m3u files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a specially crafted .m3u file with the vulnerable application. This may allow an attacker to execute arbitrary code.
The vulnerability exists due to insufficient validation of "language" HTTP GET parameter passed to "/index.php" script. A remote unauthenticated attacker can execute arbitrary SQL commands in application's database and gain complete control over the vulnerable web application.
Services By CQR