In /module/download/downfile.jsp, user input in filename and pathfile is not validated, allowing an attacker to download any file.
jSchool Advanced is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
A vulnerability in AuraCMS Mod Block Statistik version 1.62 allows an attacker to inject arbitrary SQL commands via the 'id' parameter in the 'pdf.php' script.
Sahitya Graphics CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
vBulletin is prone to a Persistent Cross Site Scripting vulnerability within the Profile Customization feature. If this feature is not enabled, the vulnerability does not exist and the installation of vBulletin is thereby secure. Within the profile customization fields, it is possible to enter colour codes, RGB codes and even images. The image url() function does not sufficiently sanitize user input, causing vBulletin to be vulnerable to XSS attacks. With the previous patch for vBulletin 4.0.8 PL1, most attacks were disabled; however, it is possible to bypass this filter and inject data which is then executed effectively against, though not limited to, Internet Explorer 6.
The vulnerability is in the file search.php; the variable search_app is vulnerable. An attacker can exploit this to find out the root path of the website or for an SQLi attack. Google Dork: inurl:viewforum.php?id= S-Cms. Exploit: http://server/s-cms/viewforum.php?id='1 (FPD), http://server/s-cms/viewforum.php?id=1+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7+from+cms_users-- (SQLi), http://server/s-cms/viewforum.php?id='1%3E%22%3Cscript%3Ealert(document.cookie)%3C/script%3E (XSS)
A Local File Inclusion (LFI) vulnerability was discovered in the Joomla Component (com_jimtawl) which allows an attacker to include local files on the vulnerable server. The vulnerability is due to insufficient sanitization of user-supplied input in the 'task' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to include local files on the vulnerable server, resulting in the disclosure of sensitive information.
Native Instruments' Service Center suffers from an elevation of privilege vulnerability that allows a simple user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'C' flag (Change (write)) for 'Everyone', on the installed files ServiceCenter.exe and Reloader.exe.
Massive suffers from a use-after-free error when parsing sound files (.KSD), resulting in a crash. The user input is not properly sanitized, which may give attackers the possibility of arbitrary code execution on the affected system. Failed exploitation may result in a denial of service.
NI's Reaktor 5 Player suffers from multiple file handling vulnerabilities when processing .ens (Ensemble) and .ism (Instrument) files, resulting in a heap overflow/memory corruption crash. An attacker can leverage this scenario for arbitrary code execution or a denial of service attack.