Affected Fortinet products include FortiOS versions 5.4.0 to 5.6.0 and FortiOS versions up to 5.6.0. An XSS vulnerability was discovered in the Web UI - Applications URL, which could be exploited by sending a malicious HTTP request. The request contained a malicious onmouseover attribute, which triggered an alert box when the user hovered over the element. The vendor has released a fix: upgrade to FortiOS version 5.6.1.
Joomla Component ccnewsletter 2.1.9 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'sbid' in the URL. This can be exploited using boolean-based blind, time-based blind and UNION query techniques.
The attached program binary causes a buffer overflow in cplus-dem.c when it tries to demangle specially crafted function arguments in the binary. Both the buffer size and the buffer content are controlled from the binary.
Friends in War Make or Break 1.7 is vulnerable to an unauthenticated admin password change. An attacker can exploit this vulnerability by sending a malicious POST request to the pass_edit.php script with the username parameter set to 1 and the password parameter set to the desired new password. This will allow the attacker to change the admin password without authentication.
This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar, except that an additional SpecialFolderDataBlock is included. The folder ID in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file.
The vulnerability exists due to insufficient filtration of user-supplied data in the 'username' and 'catid' parameters of the 'useruploads.php' and 'index.php' scripts. A remote attacker can execute arbitrary SQL commands in the application's database and gain access to sensitive data. The attack can be performed without authentication.
Multiple Stored XSS vulnerabilities were found in the Ad Title and Ad Description parameters of the Front End Order Form. The payload will execute when the ad is displayed. Blind SQL Injection was found on the bsa_pro_id parameter, with payloads of type 'AND boolean-based blind - WHERE or HAVING clause' and 'MySQL >= 5.0.12 AND time-based blind'.
JSObject::putInlineSlow and JSValue::putToPrimitive use getPrototypeDirect instead of getPrototype to get an object's prototype. This allows an attacker to bypass the Same Origin Policy and call a setter of another origin's object.
Navigate to the script's admin login page and submit admin' or ''='-- for the username, and it should give you access to the admin area.
The Identifier object created by 'Identifier()' is on the stack and will get freed at the end of the appendEntry method. This can lead to a use-after-free vulnerability when the object is accessed after it has been freed.