Explore Vulnerabilities

Explore all Exploits:

Java ActiveX Control Memory Corruption

A memory corruption vulnerability exists in the launchApp() method of deployJava1.dll, which is loaded by Internet Explorer and used to launch javaws.exe with the provided arguments. The second (optional) parameter, which is responsible for embedded data, is checked improperly. Under specific conditions this causes memory corruption and a read from an arbitrary address. Successful exploitation of this vulnerability could potentially result in arbitrary code execution within the Java(TM) Web Start Launcher or cause the application to crash.

Multiple Vulnerabilities in KrisonAV CMS

The first vulnerability exists due to insufficient filtration of user-supplied data passed to the 'content' HTTP GET parameter via the '/services/get_article.php' script. A remote attacker can trick a logged-in user into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. The second vulnerability exists due to insufficient verification of the HTTP request origin in the '/users_maint.html' script. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and create a new account with administrative privileges.

HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server

Due to unsanitized user input, it is possible to inject arbitrary HTTP header values into certain HTTP responses of the Satellite Server. This can be exploited, for example, to perform session fixation and malicious redirection attacks via the Set-Cookie and Refresh headers. Moreover, the Satellite Server caches these HTTP responses together with the injected HTTP header, so all further requests to the same resource are served the poisoned HTTP response for as long as these objects remain in the cache.

PDF Cross Reference Table parsing Denial of Service vulnerability.

Foxit Reader does not properly validate data in the PDF Cross Reference Table (XREF) header. Tampering with the XREF header may lead to an integer division by zero exception while the application parses it. The raised exception is not handled, which causes a Denial of Service of Foxit Reader. The vendor was notified on 2013.02.21 but has not responded to this submission. This issue is present in the latest version of the application available at the time of writing.

FirePHP Firefox plugin RCE

FirePHP Firefox plugin is vulnerable to Remote Code Execution. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious XUL code to launch calc.exe. This vulnerability affects all versions up to and including 0.7.1.

phpVMS Virtual Airline Administration <= SQL Injection Vulnerability

A SQL injection vulnerability exists in phpVMS Virtual Airline Administration versions 2.1.934 and 2.1.935. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database.

CMSLogik 1.2.1 (upload_file_ajax()) Shell Upload Exploit

The vulnerability is caused by improper verification of uploaded files in the '/application/controllers/support.php' script through the 'upload_file_ajax()' function. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with multiple extensions to the '/support_files' directory. Normal user [level 113] authentication is required.

Vanilla Forums <= 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF

You can exploit these by having the user visit a thread with the img src of the below URLs, e.g. <img src="http://site.org/index.php=/vanilla/discussion/bookmark/1337?> where 1337 is the id.

Bookmark CSRF: http://site.org/index.php=/vanilla/discussion/bookmark/1337
UnBookmark CSRF: http://site.org/index.php=/vanilla/discussion/bookmark/1337?
Delete Message CSRF: http://site.org/index.php=/messages/clear/1337
Post to Van2Shout Chat Box CSRF: http://site.org/index.php?p=/plugin/Van2ShoutData&newpost=testmessage
Delete Message from Van2Shout Chatbox CSRF: http://site.org/index.php?p=/plugin/Van2ShoutData&del=1337

Recent Exploits: