An insecure direct object reference occurs when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly by modifying the value of the parameter [client]. The modified value can point to other client account names, which allows an attacker to download other clients' private data, with no secure method provided.
A directory traversal vulnerability has been discovered in the official Galaxy Studio Lock Photos Album & Videos Safe v4.3 iOS mobile application. The security vulnerability allows attackers to request and download local application files without authorization by using manipulated path parameters.
A SQL injection vulnerability exists in Joomla! Component MediaLibrary Basic v3.5. An attacker can send malicious SQL queries to the application by manipulating the 'mid[0]' parameter in a 'lend_request' action or the 'view/book/19' parameter in an 'all-books' action. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
A SQL injection vulnerability exists in Joomla! Component BookLibrary v3.6.1. An attacker can send malicious SQL queries to the application by manipulating the 'comment' and 'searchtext' parameters in the 'index.php' and 'search' scripts, respectively.
A SQL injection vulnerability exists in Joomla! Component RealEstateManager v3.9. An attacker can send a malicious SQL query to the vulnerable parameter 'listing_type' or 'listing_status' in the 'search' script via the 'searchtext' parameter to execute arbitrary SQL commands in the application's database.
Joomla! Component VehicleManager v3.9 is vulnerable to SQL Injection. This vulnerability can be exploited by sending malicious SQL queries to the vulnerable parameter. The vulnerable parameters are 'vcondition', 'transmission', 'listing_type', 'model', 'fuel_type' and 'maker'. An attacker can use these parameters to inject malicious SQL queries and gain access to the database.
A SQL injection vulnerability exists in Joomla! Component ContentMap v1.3.8. An attacker can send a malicious SQL query to the vulnerable parameter 'contentid' in the URL to execute arbitrary SQL commands in the database.
SQL iPlug listens on port 7078 by default. It suffers from a denial of service when an overly long string is sent via HTTP requests to the 'D$EVAL' parameter.
A use-after-free vulnerability exists in Adobe Flash Player when applying bitmap filters. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.
The attached fuzzed SWF causes stack corruption when it is loaded, likely due to the parsing of the SWF file.