Explore Vulnerabilities

Explore all Exploits:

pfSense <= 2.0.1 XSS & CSRF during IPSec XAuth authentication

pfSense versions 2.0.1 and prior are vulnerable to semi-persistent XSS and CSRF attack vectors, exploited by sending JavaScript/HTML code as a username during the XAuth user authentication phase. XAuth provides extended authentication for IPSec telecommuters by using authentication schemes such as RADIUS or internal user databases.

DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability

User-supplied input passed through the $_REQUEST['catlist'] parameter is not properly sanitized before being used in a preg_replace() call with the e modifier at lines 249 and 253. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires a template which contains a “catlist” (or a “not-catlist”) tag.

Apple QuickTime Player (Windows) Version 7.7.3 Out of Bound Read

An attacker can exploit this vulnerability by crafting a malicious "qtif" image file and sending it to the victim. If the victim opens the file using QuickTime Player, QuickTime Picture Viewer or the QuickTime browser plug-in, the process will crash.

Kohana Framework v2.3.3 – Directory Traversal Vulnerability

The Vulnerability Laboratory Research Team discovered a Directory Traversal web vulnerability in the Kohana v2.3.3 Content Management System. The vulnerability allows remote attackers to request local directories and files of the web server application system. The vulnerability is located in the `get_file` function of the `master/classes/Kohana/File.php` file. Remote attackers are able to inject their own malicious path strings to request local directories and files of the web server application system.

Fortinet FortiMail 400 IBE – Multiple Web Vulnerabilities

The vulnerability allows a remote attacker to inject their own malicious script code on the application side of the vulnerable module. The vulnerability is located in the `name` value of the `/ibe/ibe_login.php` module. Remote attackers are able to inject their own malicious script code into the vulnerable `name` value of the `/ibe/ibe_login.php` file. The script code executes in the main page of the `/ibe/ibe_login.php` module. The request method used for injection is POST and the attack vector is located on the application side. The security risk of the non-persistent cross-site scripting vulnerability is estimated as medium, with a CVSS (Common Vulnerability Scoring System) score of 3.0. Exploitation of the non-persistent cross-site scripting vulnerability requires no user interaction or privileged application user account.

Ruby on Rails JSON Processor YAML Deserialization Code Execution

This module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any Ruby code remotely in the context of the application. This vulnerability is very similar to CVE-2013-0156.

Blind SQL injection && CSRF in PHP Weby directory software version 1.2

PHP Weby directory script is a powerful and easy-to-use FREE link management script with numerous options for running a directory, catalog of sites or a simple link exchange system. A vulnerability exists in the contact.php file, where user input is not properly sanitized before being passed to an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Additionally, the application is vulnerable to CSRF attacks, which can be used to perform certain actions with the same privileges as the targeted user.

SQL Injection vulnerability in ImageCMS

The vulnerability exists due to insufficient filtration of the 'q' HTTP GET parameter passed to '/admin/admin_search/'. A remote authenticated administrator can execute arbitrary SQL commands in the application's database. Depending on the database and system configuration, the PoC (Proof-of-Concept) code below will create the '/tmp/file.txt' file with the MySQL server version inside:

http://[host]/admin/admin_search?q=123%27%20UNION%20SELECT%201,2,version%28%29,4,5,6,7,8,9,10,11,12,13,14,15%20INTO%20OUTFILE%27/tmp/file.txt%27%20--%202

This vulnerability can also be exploited by a remote non-authenticated attacker via a CSRF vector, because the application is prone to Cross-Site Request Forgery attacks. To do so, the attacker must trick a logged-in administrator into visiting a web page with a CSRF exploit.

Recent Exploits: