Explore Vulnerabilities

Explore all Exploits:

CSRF Vulnerability in TestLink 1.9.14

Even though CSRF tokens are implemented in the application, they aren't properly validated on the server side. This allows an attacker to generate malicious requests and have the server process them on behalf of the victim. By exploiting the vulnerability, the attacker is able to create user accounts with administrator privileges on the application.

POP Peeper SEH Overwrite

POP Peeper is vulnerable to an SEH overwrite. An attacker can exploit this vulnerability by creating a malicious file containing a long string of characters and entering it in the Account Name field when creating a new account. The attacker can then compose a new mail with the same malicious string in the TO and Subject fields. When the attacker saves the mail as a draft, the application crashes. Every time the attacker clicks the Check Mail option, the application crashes again because it loads the saved DRAFT.

Unauthenticated Stored XSS

This exploit is a stored XSS vulnerability in the Xfinity Modem. An attacker can craft a malicious POST request containing a malicious service name, which is stored in the modem and executed when the page is loaded. This can be used to execute arbitrary JavaScript code in the context of the modem's web interface.

Google AdWords API client libraries – XML eXternal Entity Injection (XXE)

Google AdWords API client libraries for PHP, Java and .NET were found to lack the necessary protections against XXE attacks. The vulnerable code can be found in the following files: googleads-php-lib/src/Google/Api/Ads/AdWords/Lib/AdWordsUser.php, googleads-java-lib/src/com/google/api/ads/adwords/lib/AdWordsUser.java, googleads-dotnet-lib/src/Google.Api.Ads.AdWords.Lib/AdWordsUser.cs. An attacker may be able to read sensitive files on the server, or in certain cases even execute arbitrary code on the server.

eBay Magento CE <= 1.9.2.1 Unrestricted Cron Script (Potential Code Execution / DoS)

A default installation of the eBay Magento eCommerce software ships with a cron.php script for managing scheduled tasks. The script is not protected by default and can be accessed publicly. The publicly exposed cron script poses several potential risks, such as exploitation of the well-known Shellshock vulnerability on unpatched systems, leading to code execution. The same script has another potential command execution vector that stems from improper sanitisation of data passed to a shell_exec function. Apart from the code execution vectors, the script could potentially be used to perform a DoS attack, because there is no locking mechanism to prevent the script from spawning multiple instances of other helper shell scripts.

Google AdWords API PHP client library <= 6.2.0 Arbitrary PHP Code Execution

The Google AdWords API client library for PHP contains a WSDL Interpreter class, which is described in a comment within the source code as: "The WSDLInterpreter is utilized for the parsing of a WSDL document for rapid and flexible use within the context of PHP 5 scripts." The class contains a function savePHP() which converts the WSDL document received from a remote end into a PHP file. The function is vulnerable to Path Traversal and Code Execution vulnerabilities.

My Calendar 2.4.10 CSRF and XSS

My Calendar 2.4.10 is vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The vulnerability exists due to insufficient sanitization of user-supplied input in the 'category_name' parameter of the 'my-calendar-categories.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch further attacks.

NXFilter v3.0.3 CSRF

No CSRF protections exist, allowing an attacker to make malicious HTTP requests on behalf of the victim. The server will then happily process any of the following actions if the victim clicks the attacker's link or visits the attacker's website while logged in to the vulnerable application:
1) add arbitrary users
2) add or change SMTP settings
3) add arbitrary redirect domains
4) add arbitrary zone transfers
5) delete zone transfer domains

SolarWinds LEM 6.1.0 Remote Code Execution

The exploit_lem.py script can be used to gain access to the appliance, after which a new admin user can be added to the web console by editing /usr/local/contego/run/manager/UserContextLibrary.xml. The gen_pass_hash.py script can be used to generate a valid password hash for that user.