The first bypass vulnerability allows attackers to bypass the system web application auth of the admin login. The secound vulnerability allows to upload for example webshells and access them after upload via unauthorized web access.
The vulnerability is caused by missing access restrictions and missing input validation in the cmd parameter and can be exploited to inject and execute arbitrary shell commands. It is possible to start a telnetd to compromise the device.
AdaptCMS is vulnerable to a really unusual SQL injection. The code in config.php acts like addslashes, but a couple of lines after, there is an SQL query which is vulnerable to injection. A POST http request can be used to insert a custom choice in the poll, which contains the admin credentials.
ArrowChat is a chat script, which is able to be integrate in various CMS, as wordpress, or some bulletin boards. The vulnerability is due to the lack of secure validation of the 'lang' parameter in the external.php file, which allows an attacker to include arbitrary files on the server. Additionally, the reflected XSS vulnerability is due to the lack of secure validation of the 'PHP_SELF' parameter in the admin/layout/pages_general.php file, which allows an attacker to inject arbitrary HTML and script code.
Attacker, what may connect anonymously to FTP server, may cause CPU resource exhaustion. Login as a 'USER anonymous' 'PASS anonymous', sending 'STAT' command with special wildchar, enought to create ftpd process with 100% CPU usage.
A use-after-free vulnerability exists in Opera Browser due to improper handling of (use tag + clippath) which tries to access freed object. An attacker can exploit this vulnerability by spraying the heap with 0x78 size of block using ArrayBuffer() and then freeing the allocation. The freed block contains the attacker's data which is then accessed by the browser.
This exploit allows an attacker to access sensitive files on the server, such as configuration files, by using a base64 encoded file path. The attacker needs the 'admin_forum' privilege to exploit this vulnerability.
This module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of preg_replace() with the e modifier, which allows to inject arbitrary php code, when the template in use contains a [catlist] or [not-catlist] tag.
Requesting an unprotected cgi, it's possible, for an unauthenticated user, to download any system file, included /etc/shadow, that contains the password shadows for the application/system users. Moreover, using the key 'all' it's possible to download the entire /var/log directory. This vulnerability also allows authenticated users to execute arbitrary commands on the system with root privileges.
D-Link DCS web cameras allow unauthenticated attackers to obtain the configuration of the device remotely. A copy of the device configuration can be obtained by accessing the following URL: http://<device IP address>/frame/GetConfig. The obtained configuration file is obfuscated using a trivial obfuscation scheme.
Services By CQR