The 'curdirpath' parameter in the 'slideshow.php' file of Dokeos 2.2.1 is vulnerable to time-based blind SQL injection. An attacker can exploit this vulnerability by sending a malicious payload to the 'curdirpath' parameter. The payload is crafted so that it causes the server to pause for a certain amount of time, which can be done with the 'SLEEP()' function. The attacker can then use a tool like sqlmap to exploit the vulnerability and retrieve data from the database.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. XSS issues were also discovered. The issue is triggered when input passed via multiple POST and GET parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
w2wiki is vulnerable to stored and reflected XSS. The stored XSS can be exploited by sending a malicious POST request to the index.php page. The reflected XSS can be exploited by sending a malicious GET request to the edit and search page.
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Ultrabenosaurus ChatBoard. An attacker can send a malicious request to the vulnerable application without the user's knowledge or consent. This can be exploited to perform various actions such as sending messages on behalf of the user.
chat.php does not filter special characters, allowing an attacker to inject malicious JavaScript code into the application, which is then stored in the database and executed when other users view the page.
This module exploits a command injection in Apache Continuum <= 1.4.2. By injecting a command into the installation.varValue POST parameter to /continuum/saveInstallation.action, a shell can be spawned.
Foxit PDF Reader (version 1.0.1.0925 for Linux 64-bit) is vulnerable to memory corruption when started with a specially crafted PDF file. An example excerpt from the crash log is as follows:
    Program received signal SIGSEGV, Segmentation fault.
    0x0000000000aab96c in CFX_BaseSegmentedArray::IterateIndex(int, int&, void**, int (*)(void*, void*), void*) const ()
    (gdb) where
    #0 0x0000000000aab96c in CFX_BaseSegmentedArray::IterateIndex(int, int&, void**, int (*)(void*, void*), void*) const ()
    #1 0x0000000000aab9dc in CFX_BaseSegmentedArray::Iterate(int (*)(void*, void*), void*) const ()
    #2 0x0000000000ab1a99 in CFX_CMapByteStringToPtr::Lookup(CFX_ByteStringC const&, void*&) const ()
    #3 0x00000000007db5df in CPDF_Dictionary::KeyExist(CFX_ByteStringC const&) const ()
    #4 0x000000000070e6a6 in CBMTreeCtrl::GotoBookmark(CPDF_Bookmark, CPDF_Bookmark) ()
    #5 0x000000000070e6e3 in CBMTreeCtrl::GotoBookmark(CPDF_Bookmark, CPDF_Bookmark) ()
    #6 0x000000000070f986 in CBMTreeCtrl::on_ItemExpanded(QTreeWidgetItem*) ()
    #7 0x00007ffff63682a6 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
    #8 0x00007ffff7722612 in QTreeWidget::itemExpanded(QTreeWidgetItem*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
    #9 0x00007ffff63682a6 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
    #10 0x00007ffff76ecc92 in QTreeView::expanded(QModelIndex const&) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
    #11 0x00007ffff76f8903 in QTreeView::expand(QModelIndex const&) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
    #12 0x00007ffff76f8a2f in QTreeView::expand(QModelIndex const&) ()
iSQL(RL) 1.0 is vulnerable to shell command injection due to a lack of filtering of special characters in the str value. An attacker can inject arbitrary commands into the system by providing malicious input to the username and password fields. This can be exploited to execute arbitrary commands on the system.
This exploit allows an attacker to execute arbitrary code on a vulnerable Zabbix server using the JSON-RPC API. The exploit requires authentication and the attacker must know the hostid of the vulnerable server. The exploit was tested on Linux (Debian, CentOS) and works on Zabbix versions 2.2 - 3.0.3.
The group_id parameter of the Joomla com_payplans extension is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.