Most of Brother devices web authorization can be bypassed through trivial bug in login proccess. Even after failed login attempt, in http response headers appears valid authorization cookie. Authorization cookie is fixed and it is created as following: Plaintext password --> ASCII hex --> md5 (e.g. AuthCookie=c243a9ee18a9327bfd419f31e75e71c7 for 'test' password)
A Directory Traversal vulnerability was discovered in MyBB version < 1.8.11. The vulnerability exists in the 'pathfolder' parameter of the '/webroot/mybb_1810/Upload/admin/modules/config/smilies.php' file. By setting the 'pathfolder' parameter to '../../bypass/smile', an attacker can traverse the directory and access sensitive information.
A Cross-Site Scripting (XSS) vulnerability exists in MyBB versions <1.8.11. An attacker can post a thread or reply any thread with a malicious payload, which when hovered by a user, will execute the malicious code.
An unauthenticated attacker can inject malicious SQL queries into the 'category_id' parameter of the 'categorySearch' page, allowing them to access or modify data in the back-end database.
Social Directory Script 2.0 is vulnerable to SQL Injection. Attackers can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by manipulating the 'subcategory', 'searchtopic' and 'category' parameters of the application. An attacker can also gain access to the admin panel by exploiting the 'id', 'username' and 'password' parameters.
This bug was found using the portal in the files: /spider-event-calendar/calendar_functions.php and /spider-event-calendar/widget_Theme_functions.php. The parameter 'order_by' is not sanitized in /spider-event-calendar/front_end/frontend_functions.php, allowing for SQL injection. To exploit the vulnerability only is needed use the version 1.0 of the HTTP protocol to interact with the application.
Classified Portal Software 5.1 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by manipulating the 'ad_id' and 'classi_ad_type' parameters in the 'search-result.php' page.
This exploit allows attackers to read files that are otherwise inaccessible by exploiting a known XML injection vulnerability in a number of Adobe products. The attack works with BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2.
Proxifier 2.18 (also 2.17 and possibly some earlier version) ships with a KLoader binary which it installs suid root the first time Proxifier is run. This binary serves a single purpose which is to load and unload Proxifier's kernel extension. Unfortunately it does this by taking the first parameter passed to it on the commandline without any sanitisation and feeding it straight into system(). This means not only can you load any arbitrary kext as a non-root user but you can also get a local root shell.
The KLoader binary executes a number of system commands. The commands are executed from a relative path. The PATH environment variable is not sanitized before these commands are run. The PATH variable is set to the current working directory of the KLoader binary. This allows a local attacker to inject arbitrary commands in the PATH variable.
Services By CQR