The vulnerability exists due to a failure of the "/index.php" script to properly sanitize user-supplied input in the NRGNSID cookie variable. An attacker can alter queries to the application's SQL database, execute arbitrary queries against the database, compromise the application, access or modify sensitive data, or exploit other vulnerabilities in the underlying SQL database.
The vulnerability exists due to a failure of the "/index.php" script to properly sanitize user-supplied input in the username and key variables; it is possible to trigger an SQL query error that reveals the database table prefix. The following PoC is available: <form action="http://[host]/index.php?login=true" method="post"><input name="username" type="hidden" value="\"><input name="password" type="hidden" value="password"><input value="Login" name="login" type="submit"></form> and http://[host]/index.php?key=\
The vulnerability exists due to a failure of the "/forumdisplay.php" script to properly sanitize user-supplied input in the mybb[forumread] cookie variable; it is possible to trigger an error that reveals the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.
The vulnerability exists due to a failure of the 'index.php' script to properly sanitize user-supplied input in the 'dbhcms_user' and 'searchString' variables. An attacker can exploit this vulnerability with a browser. The following PoCs are available: <form action='http://host/' method='post' name='main' > <input type='hidden' name='dbhcms_user' value=''SQL CODE HERE' /> <input type='hidden' name='dbhcms_passwd' value='password' /> <input type='submit' value='Login' name='submit' /> </form> <form action='http://host/index.php?dbhcms_did=1&dbhcms_pid=11&dbhcms_lang=en' method='post' name='search' /> <input name='dbhcmsCache' value='CT_OFF' type='hidden' /> <input name='todo' value='searchExecute' type='hidden' /> <input name='searchString' value=''SQL CODE HERE' type='hidden' /> <input type='submit' value='Search' name='submit' /> </form>
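The three SQL injection entries above share one root cause: a request value (a cookie, a login field, a search string) is spliced into the SQL text, so a quote character in the value changes the query's structure, and the resulting database error is echoed back to the client. The following is an added, defender-side example written for this page, not code from any of the affected products; it uses an in-memory SQLite table with a hypothetical "app_" table prefix and shows the vulnerable string-formatting pattern beside a parameterized query, plus a response wrapper that never forwards the database's error text.

```python
import sqlite3


def make_db():
    """Constructed in-memory schema standing in for an application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE app_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO app_users (username, password) VALUES ('alice', 'secret')")
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT id FROM app_users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Parameterized query: the driver sends the value separately from the SQL,
    so quotes in the value are data and can never alter the statement."""
    return conn.execute(
        "SELECT id FROM app_users WHERE username = ?", (username,)
    ).fetchall()


def error_message_from_unsafe(conn, username):
    """Return the raw database error the unsafe path produces, or None.
    This is exactly the text an application must not echo to the client."""
    try:
        lookup_unsafe(conn, username)
        return None
    except sqlite3.Error as exc:
        return str(exc)


def login_response(conn, username):
    """Response body the application should send: generic on failure,
    with no query text, table names or driver messages included."""
    try:
        rows = lookup_safe(conn, username)
    except sqlite3.Error:
        return "error: request could not be processed"
    return "ok" if rows else "invalid credentials"


if __name__ == "__main__":
    db = make_db()
    # A perfectly legitimate value containing a quote breaks the unsafe query.
    print("unsafe error:", error_message_from_unsafe(db, "o'neil"))
    print("safe lookup :", lookup_safe(db, "o'neil"))
    print("response    :", login_response(db, "o'neil"))
```

Note that the ordinary surname "o'neil" is enough to turn the unsafe query into a syntax error; with the parameterized version the same value simply matches no row. Disabling verbose error display in production addresses the information disclosure half of the problem, but only parameterization removes the injection itself.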
The vulnerability exists due to a failure of the "/index.php" script to properly sanitize user-supplied input in the [prefix]_language cookie variable. The following PoC is available: Cookie: [prefix]_language=../../../1; the referenced file must exist.
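The entry above is a local file inclusion: a cookie value meant to name a language file is joined into a path, so "../" sequences climb out of the language directory. The following is an added example written for this page (not the vulnerable application's code) showing the fix a maintainer would apply: an allow-list on the language name, a containment check after resolving the path, and an existence check. The "inc/languages" layout, the ".php" suffix and the "xx" or "xx_YY" naming scheme are assumptions.

```python
import os
import re
import tempfile

# Allow-list for language names such as "en" or "pt_BR" (assumed naming scheme).
LANG_NAME = re.compile(r"[a-z]{2}(_[A-Z]{2})?")


def is_inside(base_dir, path):
    """True if path, after resolving symlinks and '..', lies under base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    return os.path.commonpath([base, target]) == base


def naive_language_file(lang_dir, cookie_value):
    """Vulnerable pattern: the cookie value is joined straight into a path,
    so a value such as '../../../1' escapes the language directory."""
    return os.path.join(lang_dir, cookie_value + ".php")


def resolve_language_file(lang_dir, cookie_value):
    """Return the language file to load, or None if the cookie value is rejected."""
    if not LANG_NAME.fullmatch(cookie_value):
        return None  # anything outside the allow-list is refused outright
    candidate = naive_language_file(lang_dir, cookie_value)
    if not is_inside(lang_dir, candidate):
        return None  # defence in depth: the resolved path must stay in lang_dir
    if not os.path.isfile(candidate):
        return None  # unknown language; the caller falls back to its default
    return os.path.realpath(candidate)


def demo():
    """Build a throwaway directory layout and compare both code paths."""
    with tempfile.TemporaryDirectory() as tmp:
        lang_dir = os.path.join(tmp, "inc", "languages")
        os.makedirs(lang_dir)
        open(os.path.join(lang_dir, "en.php"), "w").close()
        open(os.path.join(tmp, "1.php"), "w").close()  # a file outside lang_dir
        traversal = "../../1"  # climbs from inc/languages up to tmp
        return {
            "naive_escapes": not is_inside(lang_dir, naive_language_file(lang_dir, traversal)),
            "naive_file_exists": os.path.isfile(naive_language_file(lang_dir, traversal)),
            "safe_rejects": resolve_language_file(lang_dir, traversal) is None,
            "safe_accepts_en": resolve_language_file(lang_dir, "en") is not None,
        }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The allow-list alone would stop this particular cookie value; the containment check is kept because it also catches symlinks and encoding tricks that a name-based filter might let through.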
Cross-Site Request Forgery (CSRF) is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
A local denial of service vulnerability exists in Apache 2.2.16 on Windows XP. The bug affects only Apache with Perl on Windows. To exploit it, an attacker must save a malicious .pl file in the Apache cgi-bin directory and call it from a browser. This causes Apache to crash and, if so configured, throw a debug prompt.
During research it was found that the Perl module "ess.pm" is prone to a remote code execution vulnerability due to a lack of user input validation. Because of the "system()" call in the "ess.pm" module, it is possible to send a specially crafted request to the NitroSecurity ESM web interface that results in remote command execution. Changing IFS (the Internal Field Separator) is necessary to exploit this vulnerability; other methods would probably also work.
David Hoyt discovered Cross-Site Scripting and SQL Injection vulnerabilities in Plesk Small Business Manager 10.2 + Site Editor. The vulnerabilities can be exploited by remote attackers to inject malicious code into web pages viewed by other users, execute arbitrary SQL commands in the back-end database, and gain access to sensitive information. The vulnerabilities are located in the 'create-dir' parameter of the 'file-manager' module and can be exploited by remote attackers without user interaction.
Jamb CMS is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can craft a malicious link or script that adds a post to the vulnerable website when visited by an authenticated user. This is due to the lack of CSRF protection in the admin.php file, which allows an attacker to send a forged request to the vulnerable website without the user's knowledge.
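The CSRF definition earlier on this page and the Jamb CMS entry just above describe the same mechanism: the browser attaches the victim's session cookie to any request, including one an attacker's page triggers, so the server cannot tell who composed it. The following is an added example written for this page, not Jamb CMS code, showing the standard mitigation that admin.php lacks: a per-session token derived with HMAC that the server embeds in its own forms and requires on every state-changing request, with an Origin header check as a second layer. The site origin, session id and handler shape are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated here so the example runs stand-alone.
SERVER_SECRET = secrets.token_bytes(32)
SITE_ORIGIN = "https://cms.example"  # hypothetical origin of the CMS


def csrf_token(session_id):
    """Per-session token derived with HMAC, so no extra server-side state is needed.
    The server places this value in a hidden field of its own forms."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def add_post(session_id, form, headers, posts):
    """Stand-in for an 'add post' action in an admin script.
    session_id is what the browser's cookie identifies; form and headers are
    the request body and headers; posts is the store being protected.
    Returns (status, message)."""
    submitted = form.get("csrf_token", "")
    # compare_digest avoids leaking the token through timing differences.
    if not hmac.compare_digest(submitted, csrf_token(session_id)):
        return 403, "invalid or missing CSRF token"
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    posts.append(form.get("title", ""))
    return 200, "post added"


def demo():
    """Run one legitimate and two forged submissions against the handler."""
    posts = []
    session = "session-of-logged-in-admin"  # constructed session id

    # 1. Legitimate: the admin page the user loaded embedded the token in its form.
    ok = add_post(
        session,
        {"title": "hello", "csrf_token": csrf_token(session)},
        {"Origin": SITE_ORIGIN},
        posts,
    )
    # 2. Forged: the attacker's page makes the browser send the cookie, but the
    #    page cannot read the token, so the form arrives without it.
    forged = add_post(
        session, {"title": "spam"}, {"Origin": "https://attacker.example"}, posts
    )
    # 3. Forged with a guessed token: still rejected.
    guessed = add_post(session, {"title": "spam", "csrf_token": "0" * 64}, {}, posts)
    return ok[0], forged[0], guessed[0], posts


if __name__ == "__main__":
    print(demo())
```

The token check is what actually closes the hole; the Origin comparison is cheap extra assurance for browsers that send the header, and it is deliberately skipped when the header is absent so that legitimate clients without it are not locked out.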