The authentication and privilege system for Polar Helpdesk is based entirely on the values read from a cookie that is saved on the client system. An attacker may modify values in the appropriate cookie to gain administrative access to the affected software. The provided Perl script demonstrates how to exploit this vulnerability by grabbing user lists, grabbing users' email, and listing all available Inbox tickets with charge and credit card information.
The Mensajeitor Tag Board application is affected by an authentication bypass vulnerability. This allows an attacker to post messages as an administrator, facilitating HTML injection and attacks.
LBE Web HelpDesk is reported susceptible to an SQL injection vulnerability. This issue is due to improper sanitization of user-supplied data. This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
This exploit is for the TESO BSD chpass vulnerability. It allows an attacker to execute arbitrary code with root privileges on vulnerable systems. The exploit works by exploiting a buffer overflow in the chpass utility, which is used to change user passwords on BSD-based operating systems. By sending a specially crafted input, an attacker can overwrite important memory addresses and gain control of the system. This exploit is written in C and includes shellcode for both OpenBSD and FreeBSD systems.
An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. This vulnerability exists due to insufficient sanitization of user-supplied input through the 'where' parameter of 'problist.asp' script. Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker may gain access to the administrative username and password and execute arbitrary database commands as well.
An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks.
Nucleus CMS, Blog:CMS, and PunBB are vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer. Input passed to the 'common.php' script is not sufficiently sanitized.
CSRF vulnerability in Wordpress Developer Formatter plugin allows attackers to perform unauthorized actions on behalf of authenticated users.
The SCO Multi-channel Memorandum Distribution Facility (MMDF) is affected by multiple vulnerabilities. These vulnerabilities are due to a failure of the utility to properly validate buffer boundaries when copying user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary code or crash the affected utility.
The 'printview.php' script in Print Topic Mod is vulnerable to remote SQL injection. This vulnerability occurs due to improper sanitization of user-supplied input before using it in an SQL query.
Services By CQR