This module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplying a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component will try to extract a filename by using PathFindFileNameA(), and then copies whatever the return value is on the stack by using an inline strcpy. As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution under the context of the user.
SilverStripe CMS is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability and to Cross-Site Request Forgery (CSRF). The site title field in the configuration page fails to output-encode stored values. As a result, an authenticated attacker can cause the application to store a malicious string by entering it into the site title field. When a user visits the web site, the malicious code is executed in the client browser. Privilege escalation is possible because the form used to change user account passwords does not require the user to confirm their current password and is vulnerable to CSRF. An attacker can reset an Administrator password by creating a malicious web site that sends a POST request to change the current user's password while they are logged into the CMS.
SmartCMS is vulnerable to SQL Injection and Cross-Site Scripting. An attacker can exploit these vulnerabilities by sending a malicious SQL query or a malicious script to the vulnerable parameter. This can allow the attacker to gain access to sensitive information in the database or to execute malicious scripts in the victim's browser.
A SQL injection vulnerability exists in Free Hosting Manager V2.0. An attacker can exploit this vulnerability to gain access to the admin panel of the application. The vulnerability is triggered when an attacker sends a maliciously crafted HTTP request to the vulnerable application. The attacker can use the Google Dork 'inurl:clients/packages.php?id=1' to find vulnerable applications. The PoC for this vulnerability is 'http://www.example.com/clients/packages.php?id=-1'+UNION+ALL+SELECT+1,CONCAT(username,char(58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+adminusers%23
This module exploits a vulnerability in lib/dbtools.inc, which uses unsanitized user input inside an eval() call. Additionally, the base64-encoded user credentials are extracted from the application's database. Please note that in order to be able to steal credentials, the vulnerable service must have at least one USV module (an entry in the 'nodes' table in mgedb.db).
There is no validation of file extensions when the FCKEditor 2.6.8 ASP version handles duplicate files. As a result, it is possible to bypass the protection and upload a file with any extension.
Oracle OpenSSO suffers from multiple cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
A buffer overflow vulnerability exists in UMPlayer (Portable Edition) version 0.95 when a specially crafted umplayer.ini file is placed in the UMPlayerPortable directory. When the user clicks on the 'Recent files' submenu under the 'Open' menu, the application crashes due to the buffer overflow.
It is possible to bypass directory traversal validation of FileVista/FileUltimate version 4.3 by using "..[SPACE]/" or "..[SPACE]". As a result
mcrypt is a command line tool for encrypting and decrypting files. It contains a stack-based buffer overflow vulnerability when decrypting .nc files with too long salt data. This vulnerability can be exploited by a malicious user to execute arbitrary code.