The vulnerability in PHPBB2 allows attackers to gain administrative access to the application by bypassing access validation. Attackers can modify the user level and user number parameters in the form to gain administrative privileges.
Audins Audiens is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, allow an attacker to steal authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The application fails to sufficiently sanitize user-supplied input, leading to SQL-injection issues and a cross-site scripting issue. Exploiting these vulnerabilities could result in stealing authentication credentials, compromising the application, retrieving and overwriting sensitive information, accessing or modifying data, or exploiting latent vulnerabilities in the database implementation.
Inside the file 'mobile/php/translation/index.php' the following code can be found:

    $langFileLocation = '.';
    $LZLANG = Array();
    if (isset($_GET['g_language'])) {
        // The language comes straight from the query string, with no validation
        $language = ($_GET['g_language'] != '') ? $_GET['g_language'] : 'ein';
        require ($langFileLocation . '/langmobileorig.php');
        $LZLANGEN = $LZLANG;
        // The user-controlled value is concatenated into the path passed to require
        if (file_exists($langFileLocation . '/langmobile' . $language . '.php')) {
            require ($langFileLocation . '/langmobile' . $language . '.php');
        }
    }

The 'g_language' GET parameter is not validated before it is used in a PHP require call. This allows files stored on a Windows server to be included. In this case it is not possible to include files if the PHP application is running on a Linux server, because '/langmobile' + the language is not a directory and therefore cannot be traversed. In recent PHP versions null bytes are blocked. This means that in this case only files with the PHP extension can be
This module exploits a buffer overflow in the Supermicro Onboard IPMI controller web interface. The vulnerability exists in the close_window.cgi CGI application and is due to the insecure use of strcpy. In order to get a session, the module will execute system() from libc with an arbitrary CMD payload sent in the User-Agent header. This module has been tested successfully on Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214.
SQLiteManager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
Microsoft Office Publisher is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed files. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.
SolarPay is prone to a local file-include vulnerability because the utility fails to properly sanitize user-supplied input. Successfully exploiting this issue allows attackers to gain access to files located in directories they do not have permissions to access. Information that attackers harvest may aid them in further attacks.
Docebo is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.