Explore Vulnerabilities

Explore all Exploits:

Student Information System (SIS) Auth Bypass

The audit_list in ucc/admin_login.php of the Student Information System (SIS) application is vulnerable to authentication bypass. An attacker can exploit this vulnerability by providing a username and password of 'admin' or '1'='1' to bypass authentication.

NETGATE Data Backup Unquoted Service Path Privilege Escalation

NETGATE Data Backup installs a service with an unquoted service path. To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.

NETGATE AMITI Antivirus Unquoted Service Path Privilege Escalation

AMITI Antivirus installs two services with unquoted service paths. To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.

Graylog Collector Service Path Privilege Escalation

Graylog Collector installs as a service with an unquoted service path. If the user installs this service in a directory containing a space, this will create a privilege escalation vulnerability. To properly exploit this vulnerability, a local attacker can insert an executable file in the path of the service. Rebooting the system or restarting the service will run the malicious executable with elevated privileges.

Wondershare PDFelement Unquoted Service Path Privilege Escalation

Wondershare PDFelement installs a service with an unquoted service path. To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.

YouTube Automated CMS 1.0.1 / 1.0.7 – CSRF to Persistent XSS

An attacker is able to execute JavaScript and perform CSRF on a web application using YouTube Automated CMS, which allows an attacker to create a post when an authenticated user/admin browses a specially crafted web page. The title parameter was not filtering special characters, making it vulnerable to XSS. An attacker can create a CSRF exploit code for posting an article with XSS alert JavaScript payload as the title of the post. If the attacker is able to perform the CSRF attack successfully, the XSS will be triggered when someone opens the site using YouTube Automated CMS.

Simple Forum PHP 2.4 – Cross-Site Request Forgery (Edit Options)

Simple Forum PHP 2.4 is vulnerable to Cross-Site Request Forgery (CSRF) in the 'admin.php' page. An attacker can exploit this vulnerability to update the admin options such as email, captcha, captcha theme, items link, and time zone. The attacker can craft a malicious HTML page and send it to the admin of the application. When the admin visits the malicious page, the attacker's options will be updated.

Simple Forum PHP 2.4 – SQL Injection

A SQL injection vulnerability exists in Simple Forum PHP 2.4. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the affected parameter. The vulnerable parameters are 'topic_id' and 'id'. An example payload is '+order+by+100--+'. This will result in the error message "Error: Unknown column '100' in 'order clause'".

JohnCMS 4.5.1 – (go.php?id) – SQL Injection

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'go.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.

Recent Exploits: