Quick Paypal Payments suffers from a persistent Cross-Site Scripting vulnerability due to a lack of input validation and output sanitization of the "reference" and "amount" paramaters. Other input fields are also effective to reflective cross site scripting.
A persistent input validation web vulnerability is detected in the Zikula Content Management System v1.3.5 web-application. The bug allows an attacker (remote) to implement/inject malicious own malicious persistent script codes (XSS) in the application web-server context. The vulnerability is located in the `name` value of the `users` module with the vulnerable `register` method POST request. Remote attackers are able to inject own malicious persistent script codes to the vulnerable `name` value of the `users` module. The request method to inject is POST and the attack vector is located on the application-side of the service.
WebTester 5.x has a built-in WYSIWYG Editor, that is TinyMCE. The attacker can upload file through the TinyMCE File Manager. It can be found in tiny_mce/plugins/filemanager. The attacker can also exploit SQL Injection, PHPInfo() Disclosure and Leftover install.php File.
The file include web vulnerability allows remote attackers to inject files with malicious context via POST method. The vulnerability is located in the `Upload` module in the Browse File section. Remote attackers are able to manipulate in the upload POST method request the filename value. The code or commands as filename executes in the index module file dir listing. The persistent input validation web vulnerability is located in the `Upload` module in the `Browse File` section. Remote attackers are able to manipulate the `filename` value in the upload POST method request.
A vulnerability in Apple iOS 7.2 allows an attacker to bypass the Sim Lock Screen Display. This vulnerability is due to improper implementation of the Sim Lock Screen Display. An attacker can exploit this vulnerability to bypass the Sim Lock Screen Display and gain access to the device.
The file include vulnerability allows remote attackers to include (upload) local file or path requests to compromise the application or service. The persistent input validation vulnerability allows remote attackers to inject malicious script codes to the application-side of the vulnerable module.
A file include and a post inject vulnerability are detected in the OliveOffice Mobile Suite v2.0.3 iOS web-application. The file include web vulnerability allows remote attackers to inject files with malicious context via POST method. The vulnerability is located in the `Browse File Up` module with the bound vulnerable `file` value. Remote attackers are able to inject own malicious files to the application dbms.
The vulnerability allows remote attackers to inject own malicious script codes on the application-side of the vulnerable service. The vulnerability is located in the `name` value of the `file` parameter. Remote attackers are able to inject own malicious script codes to the vulnerable `name` value of the `file` parameter. The request method to inject is POST and the attack vector is located on the application-side.
This module exploits a vulnerability found in Microsoft Internet Explorer. It was originally found being exploited in the wild targeting Japanese and Korean IE8 users on Windows XP, around the same time frame as CVE-2013-3893, except this was kept out of the public eye by multiple research companies and the vendor until the October patch release. This issue is a use-after-free vulnerability in CDisplayPointer via the use of a 'onpropertychange' event handler. To set up the appropriate buggy conditions, we first craft the DOM tree in a specific order, where a CBlockElement comes after the CTextArea element. If we use a select() function for the CTextArea element, two important things will happen: a CDisplayPointer object will be created for CTextArea, and it will also trigger another event called 'onselect'. The 'onselect' event will allow us to set up for the actual event handler we want to abuse - the 'onpropertychange' event. Since the CBlockElement is a child of CTextArea, if we do a node swap of CBlockElement in 'onslect', the CDisplayPointer object will be freed.
This module exploits a stack-based buffer overflow in the Hewlett-Packard Data Protector product. The vulnerability, due to the insecure usage of _swprintf, exists at the Cell Request Service (crs.exe) when parsing packets with opcode 211.
Services By CQR