The vulnerability exists due to insufficient filtration of the 'file' HTTP GET parameter passed to the '/index.php/admin/translationManager' URL before it is used in the PHP 'include()' function. A remote authenticated administrator can include and execute arbitrary local PHP files on the target system using directory traversal sequences. The vulnerability also exists due to insufficient filtration of user-supplied data passed to the '/index.php/contacts/view' URL before it is used in HTML output. A remote attacker can inject arbitrary web script or HTML and execute it in the browser of a legitimate user in the context of the vulnerable application.
An HTML email including the following payload will execute JavaScript statements when the victim opens the email using the vulnerable version. Payload: <body> <div> <script>alert('XSS Here')</script> </div> </body>
This exploit is used to gain root privileges on IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02. It uses the ibstat command to create a malicious shell script in the /tmp directory, which is then executed to gain root privileges.
NOSpamPTI contains a flaw that may allow an attacker to carry out a Blind SQL injection attack. The issue is due to the wp-comments-post.php script not properly sanitizing the comment_post_ID in POST data. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.
This module exploits an arbitrary command execution vulnerability in the GLPI 'install.php' script. Users should use this exploit at their own risk, since it is going to overwrite the database configuration.
A buffer overflow vulnerability exists in SolarWinds Server and Application Monitor ActiveX (Pepco32c) due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by crafting a malicious web page and convincing a user to view it, resulting in arbitrary code execution in the context of the user.
A vulnerability in the WordPress Lazy SEO plugin allows an attacker to upload a malicious shell to the vulnerable website. By exploiting this vulnerability, an attacker can gain access to the vulnerable website and execute arbitrary code. The vulnerability exists in the lazyseo.php file, which is located in the wp-content/plugins/lazy-seo/ directory. An attacker can exploit this vulnerability by accessing the lazyseo.php file, clicking on the 'Browse...' button, selecting a malicious shell code, and then pressing the 'Enter' button. The malicious shell will then be uploaded to the wp-content/plugins/lazy-seo/ directory, and can be accessed via the Shell.php file.
The vulnerability exists due to insufficient validation of the "onlyforuser" HTTP GET parameter passed to the "/index.php" script. A remote authenticated user can execute arbitrary SQL commands in the application's database.
This module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the 'new_comprehensive_save.php' page. This hash can be used to log in as the admin user. After logging in, the 'manage_site_files.php' page will be used to upload arbitrary code.