The $id argument of the pdfInvoice function is used directly in a MySQL query without any sanitization, which leads directly to SQL injection.
Incorrect e-mail address validation code allows an attacker to take over the admin account without prompting any alert, while preventing the real admin from logging in afterwards. After a successful takeover, the attacker can plant a PHP backdoor using IPB's templating system.
A vulnerability in the WordPress wp-FileManager plugin allows an attacker to download any file from the server. In order for this to work, the 'Allow Download' setting must be checked in the FileManager's settings.
Adrenalin Player 2.2.5.3 is vulnerable to a buffer overflow. The vulnerability is triggered when a specially crafted .m3u file is opened. The exploit code contains a NOP sled followed by shellcode that spawns a calculator. The exploit code is written in assembly language and is designed to overwrite the SEH (Structured Exception Handler) record.
This exploit is a proof-of-concept (PoC) for a remote denial-of-service (DoS) vulnerability in MiniWeb HTTP server (build 300, built on Feb 28 2013) by Stanley Huang. The vulnerability is caused by heap corruption when a specially crafted POST request with a large number of 'A' characters is sent. This can cause the server to crash.
A local file include and arbitrary file upload vulnerability is detected in the mobile File Lite 3.3 & 3.5 PRO iOS app (Apple - iPad|iPhone). The vulnerability allows remote attackers to include unauthorized remote files on the affected webserver file system via the POST method. Remote attackers can also plant mobile webshells without authorization by using multiple file extensions (*.php.js.gif) when the upload request is processed. A persistent input validation web vulnerability is detected in the mobile File Lite 3.3 & 3.5 PRO iOS app (Apple - iPad|iPhone). The vulnerability allows remote attackers to inject malicious script code into the application side of the vulnerable module.
A local command injection web vulnerability is detected in the mobile Wifi Album v1.47 iOS app (Apple - iPad|iPhone). The vulnerability allows an attacker to inject local commands via vulnerable system values to compromise the Apple mobile iOS application.
A local command injection web vulnerability is detected in the mobile Wifi Photo Transfer 2.1 & 1.1 Pro app for the Apple iPad & iPhone. The vulnerability allows an attacker to inject local commands via vulnerable system values to compromise the Apple mobile iOS application. A local file include web vulnerability is detected in the mobile Wifi Photo Transfer 2.1 & 1.1 Pro app for the Apple iPad & iPhone. The vulnerability allows an attacker to include local files to compromise the Apple mobile iOS application.
No-IP is probably the most used Dynamic DNS provider worldwide; their Dynamic Update Client (DUC) is present by default in tons of systems, software repositories and embedded devices. This exploit covers a stack-based overflow in the -i parameter (the IPaddress variable in the source code). It is probably the most basic parameter, as it is how we tell the client that our IP has changed. For the PoC we will use the Linux x86 client version 2.1.9.
A SQL injection vulnerability exists in the Joomla component com_s5clanroster. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains malicious SQL code that can be executed in the backend database. The malicious code can be used to extract sensitive information from the database, such as usernames and passwords.