An attacker can change any user's email, including admin's, by issuing a GET request with the user's ID, an MD5 hash of the email, and the email itself.
The FortiGate series of multi-threat security systems detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance. Ranging from the FortiGate-30 series for small offices to the FortiGate-5000 series for large enterprises, service providers and carriers, the FortiGate line combines the FortiOS™ security operating system with FortiASIC processors and other hardware to provide a comprehensive and high-performance array of security and networking functions including: Firewall, VPN, and Traffic Shaping, Intrusion Prevention System (IPS), Antivirus/Antispyware/Antimalware, Web Filtering, Antispam, Application Control (e.g., IM and P2P), VoIP Support (H.323. and SCCP), Layer 2/3 routing, Multiple WAN interface options. FortiGate appliances provide cost-effective, comprehensive protection against network, content, and application-level threats - including complex attacks favored by cybercriminals - without degrading network availability and uptime. FortiGate platforms incorporate sophisticated networking features, such as high availability (active/active, active/passive) for maximum network uptime, and virtual domain (VDOM) capabilities to separate various networks requiring different security policies.
The vulnerability laboratory core research team discovered multiple web vulnerabilities in the SonicWALL UTM Email Security v7.3.5.6379 & Virtual Appliance. The vulnerabilities are located in the web-application service of the sonicwall email security appliance. 1.1 Cross Site Scripting (XSS) 1.2 Cross Site Request Forgery (CSRF) 1.3 SQL Injection
The wp-topbar.php does not utilize a nonce value when submitting any POST changes. As a result, this page is vulnerable to Cross Site Request Forgery. Proof of Concept Code is provided in the text.
A local buffer overflow vulnerability exists in NCMedia Sound Editor Pro v7.5.1. A specially crafted MRUList201202.dat file can cause a buffer overflow when opened in the application, resulting in arbitrary code execution. This exploit was tested on Windows XP SP3 Professional German.
Auxilium PetRatePro is vulnerable to Remote Add Admin, SQL Injection and Remote File Upload. An attacker can exploit the Remote Add Admin vulnerability by creating a new administrator account by submitting a malicious form. The SQL Injection vulnerability can be exploited by passing malicious payloads to the 'phid' parameter of the 'viewcomments.php' page. The Remote File Upload vulnerability can be exploited by uploading a malicious file to the 'upload_banners.php' page.
webERP is vulnerable to SQL Injection vulnerability in the WorkOrderEntry.php within the WO parameter. Due tue unvalidated input, when the single quote is inserted the web application throw a database error message that indicated a SQL Injection is exist. Another test was performed and indicated that the WO parameter is also vulnerable to time-based blind sql injection. However, the attacker must be in authenticated session to exploit the vulnerability.
LuxCal v2.7.0 is vulnerable to multiple remote vulnerabilities, including Local File Inclusion, Information Disclosure, XSS, and phpinfo(). The Local File Inclusion vulnerability can be exploited by sending a specially crafted HTTP request containing directory traversal characters (e.g. “../”) to the vulnerable application. This will allow an attacker to download the source code of the application. The Information Disclosure vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable application. This will allow an attacker to view the encrypted information of the database. The XSS vulnerability can be exploited by sending a specially crafted HTTP request containing malicious JavaScript code to the vulnerable application. This will allow an attacker to execute arbitrary JavaScript code in the context of the vulnerable application. The phpinfo() vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable application. This will allow an attacker to view the configuration information of the application.
This is a PoC exploit for CVE-2012-3524, which is an insecure getenv() by default vulnerability. The exploit uses a trivial non-dbus root exploit to gain access to the system. It uses a pam_systemd vector, a spice vector, and an Xorg vector to gain access.
This exploit is a SEH Based Exploit and the shellcode is universal. To exploit, copy the content of the file using Notepad++, then go to Downloads ---> Options ----> Dial up / VPN ----> paste the line into the username field and let the password field blank then click Enter. For French Version, go to Telechargement ---> Options ---> Internet ---> then Copy The Whole line from bof.txt and paste it into the username field and let the password field blank then click Enter.
Services By CQR