The WordPress Schreikasten 0.14.13 plugin is vulnerable to Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the name or content fields of a post, which will be reflected on the homepage. An example of malicious code is <script>alert('xss')</script>.
The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the iBoutique CMS v4.0 flexible e-commerce system. A SQL injection vulnerability allows a remote attacker or a local low-privileged user account to inject and execute their own SQL commands on the affected application DBMS. Successful exploitation results in DBMS and application compromise. A persistent input validation vulnerability is also detected in iBoutique v4.0; the bugs allow remote attackers to inject malicious script code on the application side (persistent).
This module exploits a stack buffer overflow in the EZHomeTech EZServer. If a malicious user sends packets containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique.
The Airlock WAF protection can be completely bypassed by using overlong UTF-8 representations of the NUL character such as C0 80, E0 80 80 and F0 80 80 80. The tests were performed without internal knowledge of the WAF, but it is suspected that the UTF-8 decoder fails to reject the overlong NUL representations and that they are decoded as U+0000 later on. Further, the WAF would not perform any checks for attack patterns after the NUL byte.
The DLNA server listening on port 9500 can be crashed remotely due to a NULL pointer dereference, caused by the failed allocation of the large amount of memory specified in Content-Length and the subsequent attempt to copy data into this NULL buffer. If Content-Length is between 4294967262 and 4294967293, the effect is an unhandled exception in MSVCR90.calloc. The vulnerability is located in the lupin3 (libpin3) library.
MyTickets is vulnerable to a blind SQL injection vulnerability due to insufficient sanitization of user-supplied input in the 'MyTickets_language' cookie. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information.
Multiple vulnerabilities have been identified in the web management interface of QNAP. These include Command Injection, Cryptography and Cross-site Scripting. The Command Injection vulnerability exists in the QNAP Download Station (QDownload) as the application executes user-controllable data that is processed by a shell command interpreter. The Cryptography vulnerability exists in the QNAP login page as it stores persistent cookies (including the administrator username and password) as base64 encoded strings inside the cookie parameter nas_p. The Cross-site Scripting vulnerability exists in the web management interface.
This module exploits a stack-based buffer overflow in the CGI version of PHP 5.4.x before 5.4.3. The vulnerability is due to the insecure handling of the HTTP headers.
The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in iScripts EasyCreate v2.0 CMS. These vulnerabilities include SQL Injection, Cross Site Scripting, Local File Inclusion, Remote File Inclusion, Cross Site Request Forgery, Session Fixation, Session Hijacking, Security Bypass, Path Traversal, and Denial of Service.
The vulnerability occurs in the csv.php file, which does not require valid login credentials and can be used to execute SQL queries. Using this cURL command, a user can send POST data that creates a new login: $ curl --data q=INSERT INTO `wp_users` (`user_login`, `user_pass`, `user_email`) VALUES ('test', '123456', 'jblow@gmail.com') http://www.example.com/blog/wp-content/plugins/wp-automatic/inc/csv.php