The https://[server]/UploadStyleSheet.aspx script does not validate the file type passed in the parameter 'myfile0' on the server side allowing the uploading and execution of ASPX files. An attacker can upload an ASPX web shell and execute commands with web server user privileges.
An attacker can add notes with HTML code which can be stored and accessed by anyone with the direct URL to the notes.php file.
This is proof of concept code that demonstrates the Microsoft Windows kernel (Intel/x64) SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM privileges to a specified application or already running process.
A SQL injection vulnerability exists in vlinks, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'page.php' script, and the 'id' and 'idc' parameters in the 'admin_modif_categorie.php' and 'admin_modif_partenaire.php' scripts, respectively. An attacker can use these vulnerabilities to gain access to the admin panel and extract sensitive information from the database.
XWiki Enterprise is a professional wiki that has powerful extensibility features such as scripting in pages, plugins and a highly modular architecture. There are three stored XSS vulnerabilities in XWiki. The first is a stored XSS in the user profile, which can be triggered by inserting a Javascript payload into the vulnerable fields of the user profile. The second is a link label stored XSS, which can be triggered by inserting a Javascript payload into the label field of a web page link. The third is a “Space Name” stored XSS, which can be triggered by inserting a Javascript payload into the “Space Name” field when creating a new space.
AJAX based wiki designed to operate like a desktop help viewer(chm) is vulnerable to multiple stored XSS vulnerabilities. The first XSS can be triggered by inserting a Javascript payload in the 'Tags' field when editing tags. The second XSS can be triggered by inserting a Javascript payload in the 'New Page Name' field when adding a new page. The third XSS can be triggered by inserting a Javascript payload in the Page editor when editing a page. All XSS will be triggered on all users visiting the Wiki.
This module abuses the "Command" trap in Zabbix Server to execute arbitrary commands without authentication. By default the Node ID "0" is used, if it doesn't work, the Node ID is leaked from the error message and exploitation retried. According to the vendor versions prior to 1.6.9 are vulnerable. The vulnerability has been successfully tested on Zabbix Server 1.6.7 on Ubuntu 10.04.
It is possible to inject malicious Javascript code into page comments and user profile. BusinessWiki use FCKEditor, It is possible to use the following page to upload malicious files onto the server: http://192.168.1.10/extensions/FCKeditor/fckeditor/editor/filemanager/connectors/uploadtest.html. Although FCKEditor restricts upload of certain file types it is possible to bypass this restriction.
Local file inclusion vulnerability in Easy Banner Pro (index.php page) allows an attacker to include a file from the local system. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable page with the malicious file path in the 'page' parameter.
Local file inclusion vulnerability in AB Banner Exchange, a PHP script for running a banner exchange system, allows an attacker to read arbitrary files on the server via a crafted URL.
Services By CQR