Piwigo's FaceTag extension adds a button on photo pages that lets any visitor or registered user tag a name on a face in the picture; no authentication is required. Clicking the button and then clicking a point on the image prompts for a name. Entering JavaScript instead of a name and pressing Enter stores it as a keyword. The script is saved in the server's database and executes every time a visitor views that photo or the keyword page (stored cross-site scripting).
OV3 suffers from multiple SQL Injection vulnerabilities. Input passed via multiple GET and POST parameters, including the User-Agent HTTP header, is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The application (Online Verwaltung III) suffers from an unauthenticated file disclosure vulnerability: input passed through the 'file' parameter to the 'download.php' script is not properly verified before being used to include files. This can be exploited with directory traversal sequences to read arbitrary files from the local file system.
Piwigo's FaceTag extension has multiple SQL injection vulnerabilities. The extension adds a button on photo pages that lets any visitor or registered user tag a name on the image. Affected methods: 1) facetag.changeTag 2) facetag.listTags
This exploit allows an attacker to execute arbitrary code on a vulnerable TerraMaster NAS device running TOS version 3.0.30 or earlier. It works by uploading a malicious PHP script to the device and then executing it remotely. The script is uploaded with a specially crafted HTTP request that carries a cookie named 'kod_name' with the value '1'; it is then executed by requesting the URL of the uploaded script.
In JsRuntimeState::setCaller, the current caller is saved in the JsRuntimeState object (at rcx+158h in the 64-bit build), but the garbage collector does not mark this saved value, so the result is a use-after-free. Unlike in our test environment (Linux), it does not produce reliable crashes on Windows, so another bug (#1258) was used to confirm it: if the UAF did not exist, the "crash" function would not be called (see poc.js).
A cross-site scripting vulnerability has been discovered in KEMP LoadMaster v7.135.0.13245 (latest). An unauthenticated user is able to inject their own malicious JavaScript code into the system and use it to create a new web administrator user.
Trend Micro Security Manager uses an outdated REST API library (resteasy-jaxrs-2.3.5.Final.jar). The library suffers from an XXE vulnerability that can be exploited using parameter entities. By sending a crafted POST request, an attacker can obtain the victim's "/etc/shadow".
MsMpEng's JS engine uses garbage collection to manage the lifetime of Javascript objects. During mark and sweep, the GC roots the vectors representing the JS stack as well as a few other hardcoded objects, traversing reachable objects from those roots then frees any unreachable objects. The native stack is not marked, meaning that any native code which is using JsObject pointers needs to take care to ensure that either the objects will remain reachable or that a GC cannot occur. The vulnerability arises when a script callback is implemented by calling JsTree::run, which takes two arguments, the JS state and a flag which determines whether GC is blocked. If another JsTree is run inside the callback which passes 0 for the gc disable flag, then the script running under that JsTree::run will be able to cause a global GC. This can be done by eval'ing a string which will cause a GC when executed. The vulnerability is further compounded by the fact that native code has a JsObject pointer on the stack that is not being kept alive by other references reachable from GC roots.
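The rooting mistake behind both MsMpEng bugs above (the unmarked saved caller in JsRuntimeState::setCaller and the native-stack JsObject pointer across a nested JsTree::run) reduces to the same pattern: a native pointer the collector cannot see outlives a collection it did not expect. The toy mark-and-sweep runtime below is an added illustration, not code from the MsMpEng engine; every name in it (JsObject, JsRuntime, js_gc, js_tree_run, native_callback) is a hypothetical stand-in. It shows the outer JsTree::run blocking GC, a nested run passing 0 re-enabling it, the unrooted object being swept and its slot reclaimed by an attacker-chosen allocation, and the two conditions under which the pointer stays valid (GC stays blocked, or the object is rooted).

```c
#include <stdio.h>
#include <string.h>

/* Toy mark-and-sweep runtime added to illustrate the rooting bug described
 * above. Every name here (JsObject, JsRuntime, js_gc, js_tree_run,
 * native_callback) is a hypothetical stand-in, not the MsMpEng engine's API. */

#define MAX_OBJECTS 8
#define MAX_ROOTS   8

typedef struct JsObject {
    int id;                 /* payload; -1 once swept */
    int marked;
    int alive;
    struct JsObject *ref;   /* a single outgoing edge is enough for the demo */
} JsObject;

typedef struct {
    JsObject heap[MAX_OBJECTS];
    JsObject *roots[MAX_ROOTS]; /* the JS stack: the only thing the GC marks */
    int nroots;
    int gc_blocked;             /* set from the flag passed to js_tree_run */
    int collections;
} JsRuntime;

static void rt_init(JsRuntime *rt) { memset(rt, 0, sizeof *rt); }

/* First-fit allocation out of a fixed arena, so a freed slot is reused by
 * the next allocation, which is what makes a dangling pointer exploitable. */
static JsObject *js_alloc(JsRuntime *rt, int id) {
    for (int i = 0; i < MAX_OBJECTS; i++) {
        JsObject *o = &rt->heap[i];
        if (!o->alive) { o->id = id; o->alive = 1; o->marked = 0; o->ref = NULL; return o; }
    }
    return NULL;
}

static void js_push_root(JsRuntime *rt, JsObject *o) { rt->roots[rt->nroots++] = o; }
static void js_pop_root(JsRuntime *rt) { rt->nroots--; }

static void mark(JsObject *o) {
    while (o && !o->marked) { o->marked = 1; o = o->ref; }
}

/* Global mark-and-sweep from the root vector only; the native stack is never
 * scanned. Returns the number of objects freed (0 when GC is blocked). */
static int js_gc(JsRuntime *rt) {
    if (rt->gc_blocked) return 0;
    rt->collections++;
    for (int i = 0; i < MAX_OBJECTS; i++) rt->heap[i].marked = 0;
    for (int i = 0; i < rt->nroots; i++) mark(rt->roots[i]);
    int freed = 0;
    for (int i = 0; i < MAX_OBJECTS; i++) {
        JsObject *o = &rt->heap[i];
        if (o->alive && !o->marked) { o->alive = 0; o->id = -1; freed++; }
    }
    return freed;
}

/* Stand-in for JsTree::run(state, gc_disabled). The "script" it runs is
 * modelled as a single eval that triggers a collection. */
static void js_tree_run(JsRuntime *rt, int gc_disabled) {
    int saved = rt->gc_blocked;
    rt->gc_blocked = gc_disabled;   /* a nested run passing 0 re-enables GC */
    js_gc(rt);
    rt->gc_blocked = saved;
}

/* The native callback pattern from the advisory: a JsObject* lives only in a
 * native local (not a GC root) across a nested JsTree run. Afterwards an
 * attacker-chosen allocation (id 99) is made and the id seen through the
 * original pointer is returned: 42 if the object survived, 99 if its slot
 * was swept and reused (the dangling pointer now aliases attacker data).
 * The toy arena is never unmapped, so the read itself is safe here. */
static int native_callback(JsRuntime *rt, int inner_gc_disabled, int pin) {
    JsObject *tmp = js_alloc(rt, 42);
    if (pin) js_push_root(rt, tmp);       /* fix: make it reachable from a root */
    js_tree_run(rt, inner_gc_disabled);   /* nested JsTree::run */
    js_alloc(rt, 99);                     /* attacker reclaims any freed slot */
    int seen = tmp->id;
    if (pin) js_pop_root(rt);
    return seen;
}

/* The outer JsTree::run blocked GC (flag 1) before calling into native code. */
static int demo(int inner_gc_disabled, int pin) {
    JsRuntime rt;
    rt_init(&rt);
    JsObject *on_js_stack = js_alloc(&rt, 1);
    js_push_root(&rt, on_js_stack);   /* rooted, always survives */
    rt.gc_blocked = 1;
    return native_callback(&rt, inner_gc_disabled, pin);
}

int main(void) {
    printf("inner run passes 0, pointer unrooted: sees id %d\n", demo(0, 0));
    printf("inner run passes 1 (GC stays blocked): sees id %d\n", demo(1, 0));
    printf("inner run passes 0, pointer rooted:    sees id %d\n", demo(0, 1));
    return 0;
}
```

The first case is the bug: the nested run clears the block flag, the only reference to the object is a native local the collector never scans, and the next allocation lands in the freed slot, so the native code now operates on attacker-controlled contents. The other two cases are the two legitimate ways out named in the advisory: guarantee that a GC cannot occur while the pointer is live, or keep the object reachable from a root.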
TiEmu ( Texas Instrument Emulator ) 2.08 and prior is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.