Explore Vulnerabilities

Explore all Exploits:

n0n0x

A remote code execution vulnerability exists in ArdeaCore v2.25 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious code to the vulnerable application. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the vulnerable system.

Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc

Microsoft Cover Page Editor (fxscover.exe, version 5.2 r2 (Build 3790.srv03_sp2_gdr.100216-1301: Service Pack 2)), as included in the mentioned operating system as a featured component, crashes when opening .cov files (Fax Cover Page Files) with certain overlarge records.

OpenClassifieds 1.7.0.3 Exploit

OpenClassifieds 1.7.0.3 is vulnerable to a chained exploit which includes a captcha bypass, SQL injection, and persistent XSS. The exploit chain is within the application itself and works regardless of the operating system or configurations. The target must be a link to the document root of OpenClassifieds and the payload is a script tag with an alert.

pecio CMS v2.0.5 <= CSRF Add Admin

This exploit allows an attacker to add an admin user to the pecio CMS v2.0.5 application by sending a maliciously crafted request to the vulnerable application. The malicious request contains hidden form fields that are used to create a new admin user with full privileges. The exploit is triggered when the victim visits a malicious website or clicks a malicious link.

Kolibri v2.0 Buffer Overflow RET + SEH exploit (HEAD)

Kolibri v2.0 is vulnerable to a remote buffer overflow attack. By sending a malformed HEAD request, we are able to overwrite both the return address and an SEH handler. Null bytes terminate the request, but we are able to partially overwrite with a pointer to a POP + POP + RET instruction inside kolibri.exe and gain control over the execution via SEH. This gets complicated, though, because the SEH handler offset between XP/2K3 and Vista/W7 is different by 2 bytes (probably due to local stack variables), thus we are able to cover only 2 operating systems with the SEH overwrite exploit. In order to successfully exploit the RET overwrite, we need to either overwrite ret with jmp to the stack and then overwrite the stack with our shellcode, or find another way to get to our shellcode. Since null terminates the request string, it is impossible to partially overwrite RET with an address from the binary and then overwrite with shellcode. We attempted finding another reliable way to get to our shellcode but haven't succeeded. The most reasonable option left is to overwrite RET with an OS specific address from a DLL that gets loaded by Kolibri.

LoveCMS 1.6.2 Final Multiple Local File Inclusion Vulnerabilities

LoveCMS 1.6.2 Final is vulnerable to multiple Local File Inclusion vulnerabilities. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'install' and 'uninstall' parameters of the '/system/admin/modules.php' script. A remote attacker can exploit this vulnerability to include arbitrary local files and execute arbitrary code on the vulnerable system. The attacker can also include sensitive files from the web server and view their contents.

Vacation Rental Script v4.0 XSRF VULNERABILITY

Vacation Rental Script v4.0 is vulnerable to Cross-Site Request Forgery (XSRF) attacks. An attacker can craft a malicious HTML form and submit it to the vulnerable application. This form can contain hidden fields that can be used to modify the application state, such as changing the user role to 'admin' or changing the user's email address. This vulnerability can be exploited without authentication.

TRAIDNT UP Version 3.0 – CSRF Add Admin

This exploit allows an attacker to add an admin user to the TRAIDNT UP Version 3.0 application by sending a maliciously crafted request to the vulnerable application. The malicious request contains a form with hidden fields that contain the details of the admin user to be added. When the form is submitted, the application adds the user to the system without any authentication.

Recent Exploits: