The MTP Guestbook script suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
MTP Image Gallery suffers from a stored XSS vulnerability when parsing user input to the 'title' parameter via the POST method through the 'edit_photos.php' and 'add_cat.php' scripts. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
The Vulnerability Laboratory Research Team discovered an arbitrary file upload vulnerability in the mobile IPMap v2.5 app for the Apple iPad and iPhone. The vulnerability allows remote attackers via the POST method to inject local app webserver folders to request unauthorized local webserver files.
A SQL injection vulnerability exists in the Brewthology 0.1 application. The vulnerability is due to insufficient sanitization of user-supplied input in the 'r' parameter of the 'beerxml.php' script. An attacker can exploit this vulnerability to inject arbitrary SQL commands and gain access to sensitive information from the application database.
This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox, as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run an unsigned applet without displaying any warning to the user.
This module exploits a use-after-free vulnerability in Microsoft Internet Explorer where a CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed.
A vulnerability exists in phpMyRecipes 1.2.2 due to improper sanitization of user-supplied input in the 'r_id' parameter of the 'viewrecipe.php' script. An attacker can exploit this vulnerability to inject arbitrary SQL commands and gain access to sensitive information from the database.
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in glFusion, which can be exploited to perform Cross-Site Scripting attacks. glFusion has a 'bad_behaviour' plugin (installed by default) that verifies the HTTP Referer and is aimed at protecting against spambots. The plugin also makes reflected XSS attacks against the application a little bit more complex. To bypass the security restriction, the PoC (Proof-of-Concept) codes for vulnerabilities 1.1 – 1.3 modify the HTTP Referer header. These PoCs were successfully tested in the latest available version of Mozilla Firefox (18.0.1).
Alt-N WorldClient is the web interface of the MDaemon email server. It has been identified that application session state is not maintained by the user's session cookie but by the URL "Session" parameter instead. This parameter is transmitted with every user request sent to the WorldClient web application and under certain circumstances future session IDs can be successfully predicted. The use of predictable session IDs for authentication makes WorldClient prone to session hijacking attacks. If the attacker can generate a current valid session ID then he/she may be able to access webmail accounts without possessing a valid username/password. The impact of the attack is significantly reduced because WorldClient associates the client's IP address with each session ID produced. However, certain network setups or other scenarios may exist that could render the IP restriction ineffective.
The RTTucson Quotations Database Script is vulnerable to an authentication bypass due to an SQL injection vulnerability. The vulnerability exists in the login.php script, which is used to authenticate users. The script does not properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by supplying a specially crafted username and password. The username should be set to 'or'1=1 and the password should be set to cr4wl3r. This will bypass the authentication process and allow the attacker to gain access to the application.