The MobileCartly 1.0 application is vulnerable to arbitrary file deletion. The vulnerability exists in the 'deletepage.php' file, which allows an attacker to delete any file on the server by passing the file path in the 'deletepage' parameter.
Due to improper input sanitization, many parameters are prone to SQL injection, most importantly the username parameter in the application's login form. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system by creating a small PHP shell in the application's root folder and writing the administrator username and password.
This module exploits a vulnerability found in the NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution in the context of the user running the TFTP server.
Kamads classifieds V2 is affected by multiple vulnerabilities. An attacker can exploit these vulnerabilities to gain access to the admin panel of the application. The attacker can use the dork 'inurl:V2A_XHTML' to find vulnerable websites. The attacker can then use the exploit code 'javascript:document.cookie="$ja=$ja2;path=/";' to gain access to the admin panel.
A SQL injection vulnerability was detected in the com_fireboard module of the Joomla Content Management System. Remote attackers and low-privileged user accounts can inject their own SQL commands to compromise the application DBMS. The vulnerability is located in the com_fireboard module, with the bound vulnerable func fb_ parameter. Successful exploitation of the vulnerability results in DBMS (server) or application (website) compromise.
The application is vulnerable to a post-authentication reflected XSS and a post-authentication arbitrary file-reading vulnerability. The proof of concept code can be used to replicate the vulnerability.
WinWebMail Server 3.8.1.6 is vulnerable to multiple Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of user-supplied input in the body of the email. An attacker can exploit this vulnerability by sending a specially crafted email containing malicious JavaScript code to the vulnerable server. The malicious code will be executed in the context of the user's browser when the email is viewed.
ThreeWP Email Reflector is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can send a malicious email with a specially crafted payload to the victim. The payload is then executed in the victim's browser, allowing the attacker to gain access to the victim's session and other sensitive information.
A Cross-Site Scripting (XSS) vulnerability was discovered in SurgeMail 6.0a4. The vulnerability exists due to insufficient sanitization of user-supplied input in the body of an email. An attacker can exploit this vulnerability by sending a malicious email with a specially crafted payload to a victim. The payload will be executed in the victim's browser when the email is viewed.
SmarterMail Free 9.2 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities can be exploited by malicious people to conduct Cross-Site Scripting attacks. The vulnerabilities are caused by insufficient sanitization of user-supplied input in various parameters. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Successful exploitation requires that the attacker can lure a logged-in user to a malicious web site.