Passing startup parameters via QUERY_STRING to an application running in CGI mode can be used to set the page template path variable 'd'. Generating a template file on the server and specifying it in the variable 'd' can result in arbitrary file reading via the <!INCLUDE CONTENT="URI"> template structure.
The vulnerability exists due to insufficient validation of user-supplied input in the $_FILES['file']['name'] variable passed to the /gallery/upload/index URL before it is used in the PHP exec() function. A remote attacker can send a specially crafted HTTP POST request containing a malicious filename and execute arbitrary commands on the target system with the privileges of the web server.
Qool CMS is prone to multiple HTML and JavaScript injection vulnerabilities because it fails to properly sanitize user-supplied data before using it in the application's generated HTML output.
The Vulnerability Laboratory Research Team discovered a file include web vulnerability in the mobile Remote File Manager v1.2 app for the Apple iPad & iPhone.
Kaspersky Internet Security 2013 (and any other Kaspersky product which includes the firewall functionality) is susceptible to a remote system freeze. If IPv6 connectivity to a victim is possible (which is always the case on local networks), a fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system. No log message or warning window is generated, nor is the system able to perform any task.
This module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X. The vulnerability exists in the setuid ViscosityHelper, where insufficient validation of path names allows execution of arbitrary Python code as root. This module has been tested successfully on Viscosity 1.4.1 over Mac OS X 10.7.5.
This module exploits a vulnerability in Tunnelblick 3.2.8 on Mac OS X. The vulnerability exists in the setuid openvpnstart, where insufficient validation of path names allows execution of arbitrary shell scripts as root. This module has been tested successfully on Tunnelblick 3.2.8 build 2891.3099 over Mac OS X 10.7.5.
D-Link DSL-2740B is an ADSL router that uses a web management interface to change configuration settings. This router allows an attacker to bypass authentication and to log in with administrator ('admin' user) permissions. When the administrator is logged in to the web management interface, an attacker is able to completely bypass the authentication phase and connect to the web management interface with the administrator's credentials. An attacker can bypass authentication and get administrator permissions by simply changing the URL in the following way: http://192.168.1.1/menu.html?login=true
PHP-Fusion users can edit their profile, and by default it is possible to change the theme. The POST parameter "user_theme" is not sufficiently sanitized and can be used to include arbitrary local files. Example:
    POST /php-fusion/profile.php?lookup=1 HTTP/1.1
    Host: localhost
    Content-Length: 43
    Content-Type: application/x-www-form-urlencoded
    Cookie: PHPSESSID=1234567890

    user_theme=../../../../../../../../../etc/passwd
This will include the /etc/passwd file.
The vulnerability exists due to insufficient verification of the HTTP request origin in the "/admin.php" script. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and create an arbitrary PHP file on the remote server. The vulnerability exists due to insufficient filtration of user-supplied input in the "dl" HTTP GET parameter passed to the "/install.php" script. A remote attacker can manipulate the "dl" parameter to read arbitrary files on the remote server.