This module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Novell.
The Webutler is a simple online page editor for static HTML files. Webmasters can provide a simple login option for image and text editing to their customers. The Webutler is a tool for websites or projects to be implemented with a small effort. The project has grown over the years and now you can do a lot of things with it. All of the administrative functions allow any user to perform HTTP requests without verifying the request. This can be exploited when the logged-on user (administrator) visits a malicious web page that embeds an HTML form.
The TH692- Outdoor P2P HD Waterproof IP Camera from TENVIS Technology Co., Ltd. contains hardcoded credentials in the firmware. The firmware version TH692C-V. 16.1.16.1.1.4 contains two sets of credentials, Mroot and Wproot, both with the password 'cat1029'. These credentials can be used to gain access to the device.
The fields vulnerable to XSS are kento_pvc_numbers_lang, kento_pvc_today_text, and kento_pvc_total_text. The combination of CSRF and XSS in this plugin can lead to huge damage to the website: the two fields kento_pvc_today_text and kento_pvc_total_text are reflected to all authenticated users as well as non-authenticated users, because every post has a footer in which these two parameters are reflected. If an attacker successfully attacks a website, almost all the pages on that website will execute the malicious JavaScript payload in the browsers of all clients visiting that website. The code for CSRF.html is provided in the text.
The LeenkMe plugin, version 2.5.0, is vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The XSS vulnerable fields are facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, and _wp_http_referer. The vulnerable page is wp-content/plugins/leenkme/facebook.php, and the vulnerable code producing the XSS is:
    if ( !empty( $_REQUEST['facebook_message'] ) )
        $user_settings['facebook_message'] = $_REQUEST['facebook_message'];
    else
        $user_settings['facebook_message'] = '';
    if ( !empty( $_REQUEST['facebook_linkname'] ) )
        $user_settings['facebook_linkname'] = $_REQUEST['facebook_linkname'];
    else
        $user_settings['facebook_linkname'] = '';
    if ( !empty( $_REQUEST['facebook_caption'] ) )
        $user_settings['facebook_caption'] = $_REQUEST['facebook_caption'];
    else
        $user_settings['facebook_caption'] = '';
    if ( !empty( $_REQUEST['facebook_description'] ) )
        $user_settings['facebook_description'] = $_REQUEST['facebook_description'];
    else
        $user_settings['facebook_description'] = '';
This module exploits a Perl injection vulnerability in Exim < 4.86.2 given the presence of the "perl_startup" configuration parameter.
It's possible to overwrite any file (and create new ones) on AirMax systems, because the 'php2' (maybe because of a patch) doesn't verify the 'filename' value of a POST request. An unauthenticated user can exploit this vulnerability. An attacker can take control over any AirMax Product with a simple forged HTTP POST request.
Improper handling of newline and whitespace characters causes an out-of-bounds read in CDOMStringDataList::InitFromString. This flaw can be used to leak the base address of MSHTML.DLL and effectively bypass Address Space Layout Randomization.
Brickcom web interface is vulnerable to an Insecure Direct Object Reference/Authentication Bypass vulnerability. This vulnerability allows an attacker to bypass authentication and gain access to the web interface.
An attacker can coerce a logged-in victim's browser to issue requests that will start/stop/restart services on the Firewall.