Explore Vulnerabilities

Explore all Exploits:

RadioCMS 2.2

A SQL injection vulnerability exists in RadioCMS 2.2, which allows an attacker to execute arbitrary SQL commands via the 'playlist_id' parameter in the 'meneger.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server, such as http://server/radio/meneger.php?fold=/var/www/music&search=1%27&playlist_id=&playlist_id=-1+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12.

AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass

This module exploits a vulnerability in the Adobe Reader X sandbox. The vulnerability is due to a sandbox rule that allows a Low Integrity AcroRd32.exe process to write registry values, which can be used to trigger a buffer overflow in the AdobeCollabSync component, allowing an attacker to achieve Medium Integrity Level privileges from a Low Integrity AcroRd32.exe process.

Multiple Vulnerabilities in Spider Catalog WordPress Plugin

The Spider Catalog WordPress Plugin is vulnerable to SQL injection due to insufficient sanitization of user-supplied data. An attacker with Author-level privileges can exploit this vulnerability by supplying malicious data in the 'id' parameter of the 'Spider_Catalog_Product' shortcode.

Multiple Vulnerabilities in Spider Event Calendar WordPress Plugin

A vulnerability exists in the Spider Event Calendar WordPress Plugin due to an insufficient access check for AJAX operations in 'calendar.php'. An attacker can exploit this vulnerability by sending a malicious request to the vulnerable script. This can allow an attacker to edit the Spider Calendar without authentication.

Vanilla Forums Insecure Permissions Vulnerability & XSS

Insecure permissions: when you make a draft you can view it at a URL like /index.php?p=/post/editdiscussion/0/5. However, other accounts can view these drafts by just iterating the number on the end of the URL, such as /index.php?p=/post/editdiscussion/0/1, /index.php?p=/post/editdiscussion/0/2, etc. XSS: this occurs in the flagging function. Flag a post with any flag reason. Flag the exact same post again, this time with your XSS script <script>alert(1)</script>. The XSS will trigger on the admin dashboard.

Trend Micro DirectPass 1.5.0.1060 – Multiple Vulnerabilities

The vulnerability allows a remote attacker to inject malicious script code on the application side of the vulnerable service. The vulnerability is located in the `username` and `password` values of the `login.php` file, into which remote attackers are able to inject their own script code. The injected script code executes in the main page of the vulnerable service after a successful login request. The request method used for injection is POST, and the attack vector is located on the application side. The security risk of the non-persistent cross-site scripting vulnerability is estimated as medium, with a CVSS (Common Vulnerability Scoring System) count of 3.0. Exploitation of the non-persistent cross-site scripting web vulnerability requires no privileged web-application user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent external redirects and non-persistent execution of malicious script code.

Sony PS3 Firmware v4.31 – Code Execution Vulnerability

The Vulnerability Laboratory Research Team discovered a code execution vulnerability in the official PlayStation 3 v4.31 firmware. The vulnerability allows remote attackers to execute code on the vulnerable application. The vulnerability is located in the `Playstation Network` service. Remote attackers are able to inject malicious code into the vulnerable service to compromise the application.

SAS Integration Technologies Client 9.31_M1 (SASspk.dll) Stack-based Overflow

The SASspk module (SASspk.dll), version 9.310.0.11307, has a function called 'RetrieveBinaryFile()' with one parameter, 'bstrFileName', which takes a string argument, as defined for ISPKBinaryFile in the SASPackageRetrieve library. A stack-based buffer overflow was discovered during fuzzing; an attacker exploiting the unsanitized 'bstrFileName' parameter could achieve arbitrary code execution.

Recent Exploits: