Our researchers discovered a persistent XSS vulnerability, allowing an attacker to inject arbitrary script code into the comment section of any existing Mt5.13en installation. The blog comment is being moderated before published; that means an attacker can target the moderating Admin (employee) via Javascript Injection.
The Internet Explorer 9 offers a feature to eliminate suspicious pattern passed to the website by a parameter. This trick may be known to some of you. Internet Explorer allows stripping tags by inserting nullbytes. For example, the following string will be executed: 3C 73 00 63 72 69 70 74 3E 61 6C 65 72 74 28 31 29 3C 2F 73 00 63 72 69 70 74 3E. However, we won't be able to insert the nullbytes directly in the URI. The solution is to use the "chr" function.
An independent Laboratory Researcher discovered multiple web vulnerabilities in the CMSQLITE v1.3.2 Content Management System. A local file include vulnerability is detected in the CMSQLITE v1.3.2 Content Management System. The vulnerability allows a local privileged user account to include and load local system files. The vulnerability is located in the mediaAdmin.php file with the bound vulnerable parameter. A remote file include vulnerability is detected in the CMSQLITE v1.3.2 Content Management System. The vulnerability allows a remote attacker to include and load remote files from external server. The vulnerability is located in the mediaAdmin.php file with the bound vulnerable parameter. A remote sql injection vulnerability is detected in the CMSQLITE v1.3.2 Content Management System. The vulnerability allows a remote attacker to inject own sql commands to compromise the web-application. The vulnerability is located in the mediaAdmin.php file with the bound vulnerable parameter.
A vulnerability in the Joomla tag component allows an attacker to inject malicious SQL commands into the application. This exploit allows an attacker to gain access to the admin user and password of the application.
An SQL injection vulnerability exists in Joomla Freestyle Support component com_fss. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of application data.
The vulnerability exists in the 'marker_listings.xml' file, which is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'marker_listings.xml' file.
Cross-Site Scripting (XSS) vulnerability in OTRS Open Technology Real Services versions 3.1.8, 3.1.9 and 3.1.10 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database.
The backend of the Content Server fails to validate authorization for certain requests, which allows low privileged users manipulating data, which they are not authorized to. The backend of the Content Server is prone to permanent and reflected Cross-Site Scripting attacks. The backend of the Content Server is prone to Cross-Site Request Forgery attacks. The backend of the Content Server discloses sensitive information.
It's possible to bypass the image extension check in the ticket creation editor. Normally you would go to Requests -> New Request -> select the 'Insert Image' to upload a picture to be included in the ticket and is restricted to jpg/gif/png files. If you send a POST request directly to the /jsp/UploadImage.jsp?Module=Workorder url you'll be able to upload any file. This might lead to uploading web site files which could be used for malicious actions (backdoors/shells).
Services By CQR