Input data from the form submission is not properly sanitized. Using blind SQL injection techniques, a true statement causes the listing to appear on the business listings page, while a false statement does not. For example, submitting the request with AND 1=1 appended results in the listing appearing on the business listings page, while submitting it with AND 1=0 does not.
phpmoneybooks 1.03 is vulnerable to a stored XSS vulnerability enabling an attacker to execute arbitrary JavaScript code within the application. The vulnerability can be triggered when adding a new bank account or customer account. Users other than the admin account are able to input this information, which in turn can cause the super admin user to fall victim to this attack. The vulnerable index pages reside in /banks/index.php and /customers/index.php.
This module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the 'transform' attribute, however, that attack vector seems to only cause a TerminateProcess call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This module exploits the 'color' value instead, which accomplishes the same thing.
This module exploits an authentication bypass vulnerability in the administration console of Openfire servers. By using this vulnerability it is possible to upload/execute a malicious Openfire plugin on the server and execute arbitrary Java code. This module has been tested against Openfire 3.6.0a.
A vulnerability in Symantec Web Gateway 5.0.2.8 allows an attacker to include a remote file and execute OS commands. This is due to the application not properly validating user-supplied input. An attacker can leverage this vulnerability to gain access to sensitive information and execute arbitrary code on the server. The remote file inclusion is present in the previewProxyError.php and releasenotes.php scripts. Additionally, the application allows an attacker to download and delete arbitrary files, as well as execute arbitrary code, via the uploadFile.php and remoteRepairs.php scripts.
This module exploits a php unserialize() vulnerability in SugarCRM <= 6.3.1 which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.
The web interface is written using the PHP language. Several files contain user input validation flaws similar to the one described here. Cookie header values in /opt/webserver/htdocs/index.php are not validated at all. The provided cookie value is used within an include statement allowing the attacker to force inclusion of arbitrary files (as long as they are named home.php). To allow the customization of the user interface one may upload theme files (zip archives) through the web interface. The contents of these archives are not restricted so adding a file named home.php is possible.
This vulnerability allows an attacker to bypass security checks in the initialization of the quicktime.util.QTByteObject class. This can be exploited to execute arbitrary code by loading malicious classes.
When submitting a query via the widget, intercept the POST request with Burp or another proxy to find the following: action=displayAnswer&category=1&searchtxt=[your query]. Changing category=1 to category=1 or 1=1 -- exposes the vulnerability, as the widget then returns all FAQ results regardless of the searchtxt value.
A vulnerability in the Fancy Gallery WordPress plugin allows an attacker to upload arbitrary files to the server. The vulnerability exists due to insufficient validation of user-supplied input in the 'image-upload.php' script, which is used to upload images to the server. An attacker can exploit this vulnerability by uploading a malicious file to the server. Successful exploitation of this vulnerability can result in arbitrary code execution on the vulnerable server.