Explore all Exploits:

Multiple SQL Injections in ClipBucket

The vulnerability exists due to improper sanitization of input in multiple parameters within the "/ajax.php" script. A remote attacker can send a specially crafted HTTP POST request and execute arbitrary SQL queries in the application's database. The following parameters are vulnerable to SQL injection attacks:

- "uid" (when "mode" is set to "add_friend"). This vulnerability requires that the attacker is logged in to the application; however, new user registration is open by default.
- "id" (when "mode" is set to "share_object" or "add_to_fav", and "type" is set to "video", "photo", or "collection").
- "id" (when "mode" is set to "rating" and "type" is set to "video", "photo", "collection", or "user"). These vulnerabilities require that the attacker is logged in to the application; however, new user registration is open by default.
- "id" (when "mode" is set to "flag_object" and "type" is set to "video", "group", "user", "photo", or "collection").
- "cid" (when "mode" is set to "add_new_item" or "remove_collection_item" and "type" is set to "video" or "photo").
- "cid" (when "mode" is set to "remove_collection_item" and "type" is set to "collection").

Centrify Deployment Manager v2.1.0.283 local root

A race condition vulnerability was discovered in Centrify Deployment Manager v2.1.0.283, which allowed an attacker to gain root access by creating a symbolic link to /etc/shadow and then executing a malicious command before the software had a chance to execute its own command.

DPC2420 Multiple vulnerabilities

Some ISPs (like the Argentinean Telecentro) can make changes to the router configuration via TCP port 8080. If the remote config option is enabled and the port is not filtered, an attacker can download this file by calling the correct URL. With a valid user in the router web interface for management and configuration, a user could insert an XSS payload in the 'User Password' field. This payload will be stored in the configuration file and will be executed when the router is restarted.

MyBB ‘kingchat’ chat-box plugin.

Using the dork inurl:/kingchat.php? you will see multiple forums running this chat plugin. Registration on the forum is required for the persistent XSS to work. Now click a random forum with this plugin installed and you will see this: http://vulnforum.com/kingchat.php?notic. Remove 'notic' at the end of the URL and add 'chat=2&l=2' to the query so it becomes: http://server/kingchat.php?chat=2&l=2. You will see the vulnerable chat box. Submit your XSS, for instance <script>alert('vipvince')</script>. Now to see the saved JavaScript alert go to: http://server/kingchat.php?chat=2&l=2&message=. Your persistent XSS will be stored here.

Maxthon3 about:history XCS Trusted Zone Code Execution

Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands.

Splunk 5.0 Custom App Remote Code Execution

This module exploits a feature of Splunk whereby a custom application can be uploaded through the web based interface. Through the 'script' search command a user can call commands defined in their custom application which includes arbitrary perl or python code. To abuse this behavior, a valid Splunk user with the admin role is required. By default, this module uses the credential of 'admin:changeme', the default Administrator credential for Splunk. Note that the Splunk web interface runs as SYSTEM on Windows, or as root on Linux by default. This module has only been tested successfully against Splunk 5.0.

IBM System Director Agent DLL Injection

This module abuses the 'wmicimsv' service on IBM System Director Agent 5.20.3 to accomplish arbitrary DLL injection and execute arbitrary code with SYSTEM privileges. In order to accomplish remote DLL injection it uses a WebDAV service, as disclosed by kingcope in December 2012. Because of this, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3, but disabled by default on Windows 2003 SP2.

VLC media player 2.0.4 buffer overflow POC

VLC media player (also known as VLC) is a highly portable free and open-source media player and streaming media server written by the VideoLAN project. It is a cross-platform media player, with versions for Microsoft Windows, OS X, GNU/Linux, Android, BSD, Solaris, iOS, Syllable, BeOS, MorphOS, QNX and eComStation. A buffer overflow vulnerability exists in the handling of SWF files, which can allow attackers to execute arbitrary code.