Any registered user can simply disable functionality of the whole application and input malicious code because of a lack of filtering.
Kallithea suffers from an HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'came_from' parameter of the login page. This type of attack not only allows a malicious user to control the remaining headers and body of the response the application intends to send, but also allows them to create additional responses entirely under their control.
The title parameter contained within C:\Windows\Image2PDF.INI is vulnerable to a buffer overflow. This can be exploited using an SEH overwrite.

Instructions:
1. Run this exploit as-is. This will generate the new .ini file and place it in C:\Windows, overwriting the existing file.
2. Run the Image2PDF program, hit [try], then File --> Add Files.
3. Open any .tif file. Here's the location of one that comes with the installation: C:\Program Files (x86)\VeryPDF Image2PDF v3.2\trial.tif
4. Hit 'Make PDF', type in anything for the name of the PDF-to-be, and be greeted with your executed shellcode.
Multiple CSRF (cross-site request forgery) vulnerabilities in the ZMI (Zope Management Interface). Patches to Zope and Plone for multiple CSRF issues.
This vulnerability allows attackers to download the config file without authentication: the application does not check cookies or credentials on requests made with the POST method.
The application allows users to update their own profile, including adding a new photo as an attachment. The uploaded photo is stored under GLPI_ROOT/files/_pictures/. A file named, for example, 'photo.jpeg' becomes directly accessible at 'http://host/GLPI_ROOT/files/_pictures/XXXX.jpeg', where 'XXXX' is an ID automatically generated by the system and visible in the HTML source code. Moreover, the server does not check the extension of the uploaded file, only its first bytes (the magic bytes that indicate the file type). Exploiting this flaw, an attacker may upload a tampered JPEG file with PHP code appended at the end of the file; by simply changing the file extension to '.php', the PHP code will be interpreted by default!
This bug was found while using the portal authenticated as administrator. To exploit the vulnerability, one only needs to use version 1.0 of the HTTP protocol when interacting with the application. It is possible to inject SQL code via the 'status' variable on the 'members.php' page.
A buffer overflow vulnerability exists in LastPassBroker.exe when a maliciously crafted input is supplied to the password field. This can be exploited to cause a stack-based buffer overflow by supplying a large amount of data to the password field. This can lead to arbitrary code execution.
This module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
Multiple CSRF vectors exist within AlienVault OSSIM, allowing the following attacks: 1) deleting user accounts (e.g. the admin account); 2) deleting knowledge DB items. The attacker only needs to send the crafted GET link to the victim; if the victim is authenticated to OSSIM and clicks the link, the above actions are carried out.