NetworX CMS is vulnerable to Cross-Site Request Forgery (CSRF), which allows an attacker to add an admin user to the system. An attacker can craft a malicious HTML page containing a form with hidden fields whose action targets the vulnerable application. When a logged-in user visits the malicious page, the form is submitted automatically in that user's session and the attacker can add an admin user to the system.
A SQL injection vulnerability exists in the Joomla component com_ponygallery. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
The vulnerability is caused by insufficient validation when decompressing FlashPix images and can be exploited to cause a heap-based buffer overflow via a specially crafted FPX file.
This module exploits a vulnerability found in V-CMS's inline image upload feature. The problem is that the inline_image_upload.php file does not check the file type before saving it on the web server. This allows any malicious user to upload a script (such as PHP) without authentication and then execute it with a GET request. The issue is fixed in 1.1 by checking the extension name. By default, 1.1 only allows jpg, jpeg, png, gif, and bmp, but it is still possible to upload a PHP file under one of those extension names, which may still be leveraged in an attack.
The first vulnerability is a CSRF Add Admin PoC, which allows an attacker to add an admin user to the system. This is done by sending a POST request with the necessary parameters from a page the victim visits while logged in. The second vulnerability is a Persistent XSS, which allows an attacker to inject malicious JavaScript code into the system. This is done by creating a new user with a malicious username.
This module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR, so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and that the calculated call hits the pivot in a separate heap chunk. This will take some time in the user's browser.
The missing *FIPS fields in the "version compat check" command lead to a NULL pointer dereference during execution. The process can be frozen by a continuous stream of malformed commands, e.g. by sending multiple "version compat check" commands. The server crashes when it receives a command after an invalid version number.
This exploit targets a buffer overflow vulnerability in WICD <= 1.7.1. It allows an attacker to execute arbitrary code on the vulnerable system. The exploit is triggered by setting a malicious 'beforescript' property in the wireless network configuration. When the vulnerable system attempts to connect to the malicious network, the malicious script is executed.
Software DEP Classified Script 2.5 contains a SQL injection vulnerability. An attacker can exploit it by sending a specially crafted request containing SQL syntax to the vulnerable script. This can allow the attacker to gain access to the database and potentially to sensitive information such as usernames and passwords.
A SQL injection vulnerability exists in the Joomla component com_bearleague. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.