A remote SQL Injection vulnerability is detected in the Free Reality v3.1-0.6 web application. The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands on the affected application dbms. Multiple persistent input validation vulnerabilities are detected in the Free Reality v3.1-0.6 web application. The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in Viscacha Bulletin Board CMS v0.8.1.1. A remote SQL Injection vulnerability (POST) is detected in Viscacha Bulletin Board CMS v0.8.1.1. The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands on the affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise. The vulnerability is located on the bbcode module of the forum application. A remote Cross Site Scripting vulnerability is detected in Viscacha Bulletin Board CMS v0.8.1.1. The vulnerability allows an attacker (remote) or local low privileged user account to inject own malicious script codes on the application-side of the vulnerable module. The vulnerability is located on the bbcode module of the forum application.
The Vulnerability Laboratory Researcher Team discovered multiple Web Vulnerabilities in Proman Xpress 2012 Q2. A remote SQL Injection vulnerability is detected in the Promans Xpress 2012 Q2 content management system. The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands on the affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise. The vulnerability is located on the username post method. A persistent input validation vulnerability is detected n the Promans Xpress 2012 Q2 content management system. The bugs allow remot attackers to inject malicious script codes on application side (persistent). The vulnerability is located on the username post method.
The Vulnerability Laboratory Research Team discovered multiple Web Vulnerabilities in Travelon Express CMS v6.2.2. The vulnerabilities include Cross Site Scripting (XSS), SQL Injection, Path Traversal, and Information Disclosure. The Cross Site Scripting (XSS) vulnerability allows an attacker to inject malicious script codes on the application side (persistent). The SQL Injection vulnerability allows an attacker to inject/execute own sql commands on the vulnerable application dbms. The Path Traversal vulnerability allows an attacker to access restricted files and directories on the web server. The Information Disclosure vulnerability allows an attacker to access restricted files and directories on the web server.
This module exploits a use-after-free vulnerability in Firefox 8/8.0.1 and 9/9.0.1. Removal of child nodes from the nsDOMAttribute can allow for a child to still be accessible after removal due to a premature notification of AttributeChildRemoved. Since mFirstChild is not set to NULL until after this call is made, this means the removed child will be accessible after it has been removed. By carefully manipulating the memory layout, this can lead to arbitrary code execution.
This module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of 'SYSTEM'.
This module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6).
The BPE (byte pair encoding) compression uses two stack buffers of 256 bytes called 'left' and 'right'. The bpe_decompress function used in all the client/server programs of this protocol is affected by a stack based buffer-overflow caused by the lack of checks on the data sequentially stored in these two buffers. Buffer-overflow affecting phrelay in the handling of the device file specified by the client as existing Photon session.
The news.php4 script is vulnerable to SQL injection when the 'nid' parameter is supplied. An attacker can use this vulnerability to execute arbitrary SQL commands on the underlying database. The admin/setup.inc.php script is vulnerable to remote file include. An attacker can use this vulnerability to include a remote file containing malicious code and execute it on the vulnerable server.
Source code disclosure attacks on Kerio Web Server allow a malicious user to obtain the source code of a server-side application. This vulnerability grants the attacker deeper knowledge of the Web application logic.
Services By CQR