
Explore Vulnerabilities


Explore all Exploits:

Ypninc Realty Classifieds

A SQL injection vulnerability was discovered in the Ypninc Realty Classifieds script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.

Built2Go PHP Shopping <= 1.7

A SQL injection vulnerability was discovered in Built2Go PHP Shopping version <= 1.7. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable script. This can be done by sending a crafted URL to the vulnerable script, such as http://server.com/product.php?cat=[sqli]. This will allow the attacker to execute arbitrary SQL commands on the underlying database.

D-Link WBR-1310 Authentication Bypass Vulnerability

The CGI scripts in the D-Link WBR-1310 (firmware v.2.00) do not validate authentication credentials. Administrative settings can be changed by sending the appropriate HTTP request directly to a CGI script without authenticating to the device. The following request will change the administrative password to 'hacked' and enable remote administration on port 8080:

http://192.168.0.1/tools_admin.cgi?admname=admin&admPass1=hacked&admPass2=hacked&username=user&userPass1=WDB8WvbXdHtZyM8&userPass2=WDB8WvbXdHtZyM8&hip1=*&hport=8080&hEnable=1

Even if remote administration is not enabled, any Web page that any internal user browses to can change the administrator password and enable remote administration via a hidden image tag embedded in the Web page. No JavaScript is required.

Exploit-DB Notes

This exploit targets a buffer overflow vulnerability in the AddContextRef() method of the ActiveX control with CLSID 2745E5F5-D234-11D0-847A-00C04FD7BB08. The exploit uses shellcode that runs calc.exe. It first creates a big block of memory and fills it with the shellcode. It then creates an array of 350 elements, each element containing the block of memory with the shellcode. Finally, it calls the AddContextRef() method with the address 0x0c0c0c0c, which is the address of the first element of the array.

WORDPRESS Plugin Accept Signups PERSISTENT XSS

A persistent XSS vulnerability exists in the WORDPRESS Plugin Accept Signups due to the lack of sanitization of user input. The vulnerable code is present in the accept-signups_submit.php file, which does not sanitize the user input before inserting it into the database. An attacker can exploit this vulnerability by sending a malicious payload in the email parameter of the accept-signups_submit.php file. This will result in the malicious payload being stored in the database and executed when the page is loaded.

PR10-14 Unauthenticated command execution within Mitel’s AWC (Mitel Audio and Web Conferencing)

Mitel Audio and Web Conferencing (AWC) is a simple, cost-effective and scalable audio and web conferencing solution supporting up to 200 ports. ProCheckUp has discovered that the AWC web user interface is vulnerable to an unauthenticated command execution attack. Command execution allows Unix commands to be remotely executed with the permissions associated with the web service account. No authentication is required to exploit this vulnerability.

Citrix Access Gateway Command Injection Vulnerability

On August 2nd, VSR identified a vulnerability in Citrix Access Gateway in the way user authentication credentials are handled. Under certain configuration settings it appears that user credentials are passed as arguments to a command line program to authenticate the user. A lack of data validation and the mechanism by which the external program is spawned result in the potential for command injection and arbitrary command execution on the Access Gateway.

JobAppr <= 1.4 Multiple Vulnerabilities

JobAppr is a simple job board software for every category. The CSRF vulnerability can be exploited by creating a malicious form with hidden fields. The SQL injection vulnerability can be exploited by setting up some POST variables. The arbitrary file upload vulnerability can be exploited by uploading a shell with a jpg, jpeg, gif or png extension.

SQL Injection in HTML-EDIT CMS

The vulnerability exists due to the failure of the "/index.php" script to properly sanitize user-supplied input in the nuser variable. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

Recent Exploits: