Lack of input validation at several places allows an attacker to inject malicious JavaScript code into the vulnerable application. This can be done by submitting the payload " /><script>alert(1)</script><img src=" into any of the fields on the page usercp.php?action=socialsites. The input will be stored and executed when the page is loaded.
A vulnerability was found in the 'menu' parameter of menuXML.php. Injecting a payload after the menu parameter, e.g. ' AND SLEEP(5) AND 'meHL'='meHL, made the web application hang for 5 seconds, which leads us to conclude that the web application is vulnerable to time-based SQL injection.
Cisco Wireless LAN Controller 7.2.110.0 is vulnerable to CSRF, DoS, and Persistent XSS attacks. The exploit code demonstrated in the advisory video involves two HTML files, ciscoWLC1.html and ciscoWLC2.html, which are used to exploit the vulnerabilities. The first file is used to inject malicious JavaScript code into the WLC, while the second file is used to create a new administrator account with the credentials “HaXoReD”. The exploit code is written in JavaScript and can be used to execute arbitrary code on the vulnerable system.
MyBB DyMy User Agent Plugin is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords. This can be done by sending a specially crafted HTTP request with a malicious User-Agent header. The PoC (Proof of Concept) provided in the text can be used to receive the admin username and password.
portable-phpMyAdmin doesn't verify an existing WordPress session (privileged or not) when accessing the plugin file path directly. Because of how this plugin works, a default installation will provide a full phpMyAdmin console with the privilege level of the MySQL configuration of WordPress.
The MyBB Facebook Profile Plugin is vulnerable to a persistent cross-site scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious JavaScript code into the user profile page of a MyBB user. The malicious code will be executed in the browser of any user who views the profile page. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'Facebook id/nickname' field of the user profile page. An attacker can exploit this vulnerability by entering malicious JavaScript code into the 'Facebook id/nickname' field of their profile page. When other users view the profile page, the malicious code will be executed in their browser.
The Persistent XSS vulnerability lies within the chat_frame.php page. Although the message is filtered with the htmlentities function, the vulnerability occurs with the use of the urldecode function, allowing us to bypass htmlentities with URL encoding. The vulnerability can be exploited via the following line, decoded as - '><img src='XSS' onerror='alert(document.cookie)' />
The MyYoutube plugin suffers from POST SQL UPDATE injection. The vulnerability exists within youtube.php, where the function youtube_update($ytb) is vulnerable to SQL injection. An attacker can exploit this vulnerability by entering malicious code in the youtube ID field in the usercp.php?action=profile page. This will allow the attacker to gain admin privileges.
A path traversal vulnerability was identified in SecureTransport versions 5.1 SP2 and earlier on the Microsoft Windows platform that could allow tampering and information disclosure. This vulnerability allows remote attackers to access other users' directories, and also to read, download, delete and upload arbitrary files. This can be performed using encoded backslash characters (%5c) in the path.
Novell File Reporter Agent is vulnerable to a remote code execution vulnerability due to improper handling of XML data. An attacker can send a specially crafted XML request to the agent, which can be used to execute arbitrary code on the vulnerable system. This vulnerability was assigned CVE-2012-4959 and was discovered by @abysssec in 2012.