The $babInstallPath and $GLOBALS['babAddonPhpPath'] parameters are not declared before the include, allowing an attacker to execute malicious code.
Tequila is a solid, safe, fast, simple and intuitive script which allows companies or individuals to upload, manage and share their files online. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. This will allow the attacker to download any file from the server, including sensitive files such as /etc/passwd.
This module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to exploit this vulnerability.
This module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not validate the user-controlled ConnectionId parameter. This allows a remote attacker to inject a null byte at the end of the value to create a malicious file with an arbitrary file type, and then place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM.
The $GLOBALS['babInstallPath'] parameter isn't declared before the require_once, so an attacker can use this to execute PHP shellcode, for example.
The vulnerability is a stack buffer overflow in the _FXCLI_GetConfFileChunk function caused by the insecure usage of _sscanf while parsing user-controlled input.
The vulnerability is a stack buffer overflow in the _FXCLI_SetConfFileChunk function caused by the insecure usage of _sscanf while parsing user-controlled input.
A vulnerability exists in IBM Tivoli Storage Manager FastBack Server 5.5.4.2, which could allow an attacker to cause a denial of service condition. The vulnerability is due to an invalid pointer dereference in the CLocation::GetLocationParams function. An attacker can send a specially crafted packet to the vulnerable server to trigger this vulnerability.
Joomla is vulnerable to Object Injection, which allows attackers to inject malicious objects into the application. This can be exploited to execute arbitrary PHP code by passing a specially crafted payload to the vulnerable application. This vulnerability affects Joomla versions prior to 3.4.5.
High-Tech Bridge Security Research Lab discovered a vulnerability in the bitrix.xscan Bitrix module, which is intended to discover and neutralize malware on the website. The vulnerability can be exploited to change the extension of arbitrary PHP files on the target system and gain access to potentially sensitive information, such as database credentials, or even make the whole website inaccessible. The vulnerability exists due to the absence of filtering of directory traversal sequences (e.g. "../") passed via the "file" HTTP GET parameter to the "/bitrix/admin/bitrix.xscan_worker.php" script. A remote authenticated attacker can upload a file with malicious contents and pass it to the vulnerable script along with the name of the file to rename. As a result, the vulnerable script will change the extension of the given file from ".php" to ".ph_". This makes the web server treat the file as a text file and display its contents instead of executing it.