We have found this vulnerability in VTiger 5.1.0. In this example, you can see a Local File Inclusion in the file sortfieldsjson.php. Try this: https://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../../etc/passwd%00
There is no filtering on 'cimages.php' parameter 'name'.
Security-Assessment.com has discovered that the Oracle GlassFish Server REST interface is vulnerable to Cross Site Request Forgery (CSRF) attacks. Although the javax.faces.ViewState is employed in the standard web administrative interface and it prevents such attacks, the REST interface remains vulnerable, as shown in the Proof-of-Concept (PoC) below. Cross Site Request Forgery attacks can target different functionality within an application. In this case, as an example, it is possible to force an authenticated administrator user into uploading an arbitrary WAR archive, which can be used to gain remote code execution on the server running the Oracle GlassFish Server application.
All the NET-i ware services are affected by an endless loop caused by incorrect handling of negative 32-bit size fields. Code execution vulnerability in the ConnectDDNS method used by the following ActiveX components: EEDBA32E-5C2D-48f1-A58E-0AAB0BC230E3 and 17A7F731-C9EC-461C-B813-2F42A1BB58EB. Stack overflow in the BackupToAvi method used by the same ActiveX components, triggered by an overly long string passed to the BackupToAvi method.
Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored Cross Site Scripting attacks. All pages where Cross Site Scripting vulnerabilities were discovered require authentication. Reflected Cross Site Scripting was discovered in multiple parts of the application, while Stored Cross Site Scripting was detected in the /management/domain/create-password-alias page.
By creating a specially crafted WebDAV request that contains an external entity, it is possible to read files from a Liferay server and echo these back in the response. You could use this, for instance, to download configuration files containing database passwords or SSH keys located in a user's home folder.
This module exploits a vulnerability in Adobe Flash Player for Linux, versions 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This module was tested against version 10.0.12.36 (10r12_36).
This module exploits a buffer overflow in xRadio 0.95b. When the application is used to import a specially crafted xrl file, a buffer overflow occurs, allowing arbitrary code execution.
This module exploits a vulnerability found in TFTP Server 1.4 ST. The flaw is due to the way TFTP handles the filename parameter extracted from a WRQ request. The server will append the user-supplied filename to the TFTP server binary's path without any bounds checking, and then attempt to open this with fopen(). Since this isn't a valid file path, fopen() returns null, which allows the corrupted data to be used in a strcmp() function, causing an access violation. Since the offset is sensitive to how the TFTP server is launched, you must know in advance if your victim machine launched the TFTP as a 'Service' or 'Standalone', and then manually select your target accordingly. A successful attempt will lead to remote code execution under the context of SYSTEM if run as a service, or the user if run as a standalone. A failed attempt will result in a denial of service.
asn1_d2i_read_bio in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can be exploited on systems that parse untrusted data, such as X.509 certificates or RSA public keys.