WebRCSdiff 0.9 is vulnerable to Remote File Inclusion because user-supplied input is not sanitized. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. This can allow the attacker to execute arbitrary code on the server.
DIZzy 1.12 is vulnerable to a local stack overflow. The bug was originally found on 22/02/2010; it is being made public because there has been no response from the developers. An attacker can exploit this vulnerability by executing a specially crafted payload with a length of 284 NOPs followed by a JMP ESP address from MSCTF.dll and 17 NOPs followed by a 57-byte shellcode.
Multiple vulnerabilities have been discovered in Front Accounting, which can be exploited by attackers to conduct SQL injection attacks. At least the following parameters are not properly sanitized:
  http://xxx.xxx.xxx.xxx/admin/fiscalyears.php
    The attacker can set the 'from_date' parameter to '01%2F01%2F2008%27%3B'
  http://xxx.xxx.xxx.xxx/dimensions/dimension_entry.php
    The attacker can set the 'ref' parameter to '1234%27%3B'
    The attacker can set the 'trans_no' parameter to '31%20having%201=1--'
  http://xxx.xxx.xxx.xxx/dimensions/view/view_dimension.php
    The attacker can set the 'trans_no' parameter to '3';'
  http://xxx.xxx.xxx.xxx/gl/bank_account_reconcile.php
    The attacker can set the 'reconcile_date' parameter to '1234%27%3B'
  http://xxx.xxx.xxx.xxx/gl/inquiry/balance_sheet.php
    The attacker can set the 'TransToDate' parameter to '1234%27+having+1%3D1--'
  http://xxx.xxx.xxx.xxx/gl/inquiry/bank_inquiry.php
  http://xxx.xxx.xxx.xxx/gl/inquiry/gl_account_inquiry.php
  http://xxx.xxx.xxx.xxx/gl/inquiry/gl_trial_balance.php
  http://xxx.xxx.xxx.xxx/gl/inquiry/profit_loss.php
  http://xxx.xxx.xxx.xxx/gl/inquiry/tax_inquiry.php
    The attacker can set the 'TransToDate' parameter to '1234%27+having+1%3D1--'
    The attacker can set the 'TransToDate' parameter to '1234%27%3B'
  http://xxx.xxx.xxx.xxx/gl/inquiry/journal_inquiry.php
    The attacker can set the 'FromDate' parameter to '1234%27%3B'
The attack can be used to gain access to the database and modify the content.
Multiple persistent cross-site scripting vulnerabilities were found in Front Accounting v2.3RC2, because the application fails to sanitize the response before it is returned to the user. This can be exploited to execute arbitrary script and HTML code in a user's browser session. This may allow the attacker to steal the user's cookie and to launch further attacks. The parameter 'trans_no' in /purchasing/allocations/supplier_allocate.php is not properly sanitized. The parameter 'PONumber' in /purchasing/po_receive_items.php is not properly sanitized. Other parameters might also be affected.
Sitefinity CMS (ASP.NET) is vulnerable to a shell upload vulnerability. An attacker can upload a malicious ASP file with a double extension such as .asp;.jpg to the /UserControls/Dialogs/ImageEditorDialog.aspx page and then upload it to the /Images/ directory. This will allow the attacker to execute arbitrary code on the server.
The vulnerability exists because the 'News' module fails to properly sanitize user-supplied input in the 'id' variable. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
The vulnerability exists because the 'replays' module fails to properly sanitize user-supplied input in the 'where' variable. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. BBcode isn't properly sanitized. This can be used to post arbitrary script code. A remote user can determine the full path to the web root directory and other potentially sensitive information.
The vulnerability exists because the "/index.php" script fails to properly sanitize user-supplied input in the "gmt" and "icebb_login_key" variables. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. An information disclosure vulnerability exists because the "/index.php" and "/admin/index.php" scripts fail to properly sanitize user-supplied input in the "icebb_login_key" variable taken from the cookie. It is possible to generate an SQL query error that will reveal the database table prefix.
A stack overflow vulnerability exists in Safari 5.02 which can be exploited to cause a denial of service. The vulnerability is caused due to a boundary error when handling a specially crafted HTML page. This can be exploited to cause a stack-based buffer overflow by e.g. embedding a long string in the document.body.innerHTML property.
openEngine is prone to local file inclusion and XSS vulnerabilities. The application fails to properly sanitize user-supplied input. Input passed via the 'template' parameter in "cms/website.php" is not properly verified before it is returned to the user. This can be exploited to obtain potentially sensitive information and execute arbitrary HTML and script code in a user's browser session in the context of an affected site.