A stack-based buffer overflow vulnerability exists in all versions of Internet Download Manager (IDM). An attacker can exploit this vulnerability by copying the content of a malicious file into the username field of the IDM Dial Up/VPN options, leaving the password field blank. This will cause a buffer overflow and execute arbitrary code on the target system.
The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the NeoBill v0.8 Alpha Content Management System. The vulnerability allows remote attackers or a local low-privileged user account to inject/implement malicious persistent script code on the application side (persistent). The vulnerability is located in the `name` and `email` values of the `add_user` module. Exploitation of the persistent input validation vulnerability requires a low-privileged user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects and persistent manipulation of affected or connected module context.
The Vulnerability Laboratory Research Team discovered multiple persistent web vulnerabilities in the ASTPP VoIP (4cf207a) phone billing web application. The web vulnerabilities allow remote attackers to implement/inject malicious script code on the application side (persistent).
The first persistent web vulnerability is located in the user management (admin) module with the bound vulnerable firstname, lastname & company parameters. The first vulnerability can easily be exploited by customers to inject malicious script code in the firstname, lastname & company fields. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
The second persistent web vulnerability is located in the user management (admin) module with the bound vulnerable address parameter. The second vulnerability can easily be exploited by customers to inject malicious script code in the address field. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
The third persistent web vulnerability is located in the user management (admin) module with the bound vulnerable city parameter. The third vulnerability can easily be exploited by customers to inject malicious script code in the city field. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
The fourth persistent web vulnerability is located in the user management (admin) module with the bound vulnerable state parameter. The fourth vulnerability can easily be exploited by customers to inject malicious script code in the state field. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
The fifth persistent web vulnerability is located in the user management (admin) module with the bound vulnerable zip parameter. The fifth vulnerability can easily be exploited by customers to inject malicious script code in the zip field. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
The sixth persistent web vulnerability is located in the user management (admin) module with the bound vulnerable country parameter. The sixth vulnerability can easily be exploited by customers to inject malicious script code in the country field. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
The seventh persistent web vulnerability is located in the user management (admin) module with the bound vulnerable phone parameter. The seventh vulnerability can easily be exploited by customers to inject malicious script code in the phone field. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
The eighth persistent web vulnerability is located in the user management (admin) module with the bound vulnerable fax parameter. The eighth vulnerability can easily be exploited by customers to inject malicious script code in the fax field. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
The ninth persistent web vulnerability is located in the user management (admin) module with the bound vulnerable email parameter. The ninth vulnerability can easily be exploited by customers to inject malicious script code in the email field. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
The tenth persistent web vulnerability is located in the user management (admin) module with the bound vulnerable notes parameter. The tenth vulnerability can easily be exploited by customers to inject malicious script code in the notes field. The malicious script code will be executed in the browser of the customer when the customer visits the user management list.
Many of the web pages included in the device firmware are vulnerable to SQL injection (SQLi) issues and allow attackers to interact with the underlying MySQL database. In the following we provide just a few examples of this vulnerability class, but the same kind of defect also affects several other web pages.
The Vulnerability Laboratory Research Team discovered a critical SQL vulnerability in the Knowledge Base Enterprise Edition v4.62.0. The vulnerability allows a remote attacker or a local low-privileged user account to inject/execute their own SQL commands on the affected application DBMS without user interaction. The vulnerabilities are located in the search module when processing requests for the category variable with the selcategory argument. Successful exploitation of the vulnerability results in MSSQL DBMS & ASP application compromise.
A vulnerability in Webify photo gallery allows an attacker to delete arbitrary files uploaded in a post and upload their own files.
An attacker can delete files uploaded in a post and upload their own files if the server allows it. The exploit can be accessed by changing the post number in the URL http://server/edownloadscart/uploads/X/
This PoC exploit code demonstrates how several bugs in Sitecom MD-253 and MD-254 Network Storage devices can be combined to obtain a root shell. Firmware versions up to and including 2.4.17 are affected by the following vulnerabilities:
1. The /cgi-bin/upload CGI used by the firmware update function allows arbitrary file uploads that are granted execute permissions, not removed after uploading if they don't contain valid firmware, and stored in a predictable location.
2. Installer.cgi contains a command injection vulnerability that allows one to run arbitrary commands as root (only a limited character set can be used due to URL-encoding by the CGI handler).
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.