OpenExpert is vulnerable to SQL Injection via the 'area_id' parameter. An attacker can exploit this vulnerability by sending a malicious HTTP GET request to the vulnerable server. The SQL query used returns 5 entries, including information_schema, mysql, performance_schema, sys, and test.
When uploading 'Banned' file types, dirLIST replies with a base64-encoded error message. However, appending a semicolon ';' to the end of our PHP file will skirt the security check, allowing us to upload a banned PHP file type, and our PHP file will be executed by the server when accessed later.
The AdventNetADSMClient.jar file contains the DuplicateComputersListener class definition, which is accessible via the /Report.do endpoint. The start function of the DuplicateComputersListener class is as follows (irrelevant parts are omitted). It takes user input without validation and sets it directly to class variables such as tableName and attrbName. The deriveData function is then called with these adversary-controlled class variables during complatedAction function execution. It is possible to inject an arbitrary SQL query into the application by manipulating the attrbName and tableName parameters.
Reflected XSS vulnerability exists in the Image Sharing Script v4.13. An attacker can inject malicious JavaScript code in the vulnerable parameter 'q' of the 'searchpin.php' page. The malicious code will be executed in the browser of the victim when the vulnerable page is accessed.
The vulnerability exists in the web interface, which is accessible without authentication. Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites. Modifying systems' DNS settings allows cybercriminals to perform malicious activities like steering unknowing users to bad sites, replacing ads on legitimate sites, controlling and redirecting network traffic, and pushing additional malware.
iSelect is an interactive line selection tool, operating via a full-screen Curses-based terminal session. This exploit is a proof of concept (without Fortify) that uses a buffer overflow to execute arbitrary code. The exploit code creates a buffer of 1024 bytes, with 30 NOPsleds, followed by the shellcode and the EIP address. The exploit then calls the iSelect binary with the -k argument, passing the buffer as a parameter.
A remote cross-site request forgery vulnerability has been discovered in the official Huawei Flybox B660 3G/4G router product series. The security vulnerability allows a remote attacker to perform unauthenticated application requests with non-expired browser session credentials to execute specific backend functions without authorization. The vulnerability is located in the `/htmlcode/html/sms.cgi` and `/htmlcode/html/sms_new.asp` modules and the `RequestFile` parameter of the localhost path URL. Remote attackers are able to send SMS messages as a malicious bomb to other phone numbers from any Huawei Flybox B660 via an unauthenticated POST method request.
The vulnerability exists due to improper validation of user-supplied input in the 'doc' and 'docedit' parameters of the 'dashboard.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. An attacker can also bypass the authentication process by setting the username and password to 'or''='.
An attacker can exploit this issue via a browser. The following example URIs are available: http://localhost/[PATH]/admin/slider.php, file.php upload, http://localhost/[PATH]/admin/imageslider/file.php, http://localhost/[PATH]/admin/launch_time.php, http://localhost/[PATH]/admin/launch_message.php, http://localhost/[PATH]/admin/send_message.php, http://localhost/[PATH]/admin/subscribers.php, http://localhost/[PATH]/admin/settings.php, http://localhost/[PATH]/admin/users.php