Sense of Security – Security Advisory – SOS-13-001

Due to a weakness in the way the Java encryption algorithm (PBEwithMD5andDES) has been implemented in the GADS tool, all stored credentials can be decrypted into plain text. This includes every encrypted password stored in an end user's saved XML configuration file, such as Active Directory accounts, SMTP and proxy details, LDAP credentials and OAuth tokens.

OTRS Faq Module – Persistent XSS

The OTRS ITSM FAQ Module 3.2.x and below is vulnerable to a persistent XSS that permits client-side attacks such as cookie theft. The FAQ Module allows FAQ documents to be shared with admins (called Agents in OTRS), customers and everyone. The documents are presented like a wiki. Any user with permission to add a FAQ can create a custom FAQ containing the payload, and any user who can view that FAQ (including the admin) triggers the XSS. The user can add JavaScript in the 'Symptom' field of the FAQ, as simple as: <script>alert('H4cked!! '+document.cookie);</script>

OpenCart CSRF

OpenCart is an open source shopping cart system that suffers from cross-site request forgery, through which an attacker can manipulate user data by sending the user a maliciously crafted URL. OpenCart does not use any security token to protect against CSRF. All locations inside the User panel are vulnerable.

HexChat 2.9.4 Local Exploit

A buffer overflow vulnerability was discovered in HexChat 2.9.4. The vulnerability is caused by a boundary error in the handling of certain messages. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted message to a user of the affected application. Successful exploitation may allow execution of arbitrary code.

Easy DVD Player (libav) libavcodec_plugin.dll DOS

A buffer overflow vulnerability exists in Easy DVD Player (libav) libavcodec_plugin.dll. An attacker can exploit this vulnerability by sending a specially crafted file with a large amount of data to the vulnerable application. This will cause the application to crash and potentially allow the attacker to execute arbitrary code.

Authentication bypass on Netgear WNR1000

The web server running on the affected devices is subject to an authentication bypass issue that allows an attacker to gain administrative access, circumventing the existing authentication mechanisms. Strictly speaking, the web server skips authentication checks for some URLs, such as those that contain the substring '.jpg' (without quotes). As a consequence, an attacker can retrieve the current device configuration by accessing the following URL: http://<target-ip-address>/NETGEAR_fwpt.cfg?.jpg The resulting configuration file is encrypted. However, the device implements a trivial encryption scheme that can be reversed quite easily. From the configuration file, attackers can extract, among other things, the clear-text password for the 'admin' user.

Aspen 0.8 – Directory Traversal

Aspen 0.8 is vulnerable to a directory traversal when directory indexing is turned on (the default configuration in this version) and a user requests, for instance, localhost/../../../../../../../etc/passwd. The vulnerability may be tested with the following command line: curl -v4 http://<server>:<port>/../../../../../../etc/passwd

WP FuneralPress – stored xss in guestbook

A low-privilege or guest user can inject code via the <textarea name="photo-message">, <textarea name="youtube-message"> and <textarea name="message"> elements, which are part of the wpfh_upload_form form at http://site/obituaries/?id=[ID]&f=guestbook&m=add. Scripts injected via the "photo-message" and "youtube-message" elements are executed by the admin user when they browse to the guestbook admin page at http://site/wp-admin/admin.php?page=wpfh-guestbook. If a malicious post is approved by the admin, the script will be run by anyone viewing the guestbook.

Pollen CMS <= 0.6 - Local File Disclosure

The script readimage.php in Pollen CMS 0.6 does not properly validate the existence of the given file, allowing an attacker to read any file on the server. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, containing the path to the file to be read.
