A vulnerability exists in Microsoft Unicode Scripts Processor (usp10.dll) which allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP and Vista. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of font files. The vulnerability is due to a lack of bounds checking when parsing a specially crafted font file. An attacker can leverage this vulnerability to execute code in the context of the current process.
Input passed to the 'view' parameter in jeguestbook.php (when option is set to com_jeguestbook) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Many parameters are not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The XFS filesystem is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Denial-of-service attacks may also be possible.
A remote SQL injection vulnerability exists in MyPhpAuction 2010. An attacker can send a specially crafted HTTP request containing an SQL statement to the vulnerable application in order to gain access to the admin panel. The attacker can then use the admin credentials to gain access to the application.
Webspell 4.X is vulnerable to a safe_query bypass vulnerability. This vulnerability allows an attacker to inject malicious SQL queries into the webspell_settings.php file via the 'function safe_query' parameter. The exploit can be triggered by using the '%20UNION+/**/+SELECT%20' payload.
The vulnerability exists in the asearch.php file of webspell 4.2.1. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable file with a malicious SQL query. This can allow the attacker to gain access to sensitive information such as passwords from the database.
Micro CMS is prone to a Persistent Cross-Site vulnerability because it fails to properly sanitize user-supplied input. Input passed via the 'name' parameter(also in text-area) in a comment section to "comments/send/" is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow the attacker to steal cookie-based authentication and to launch further attacks.
As application does not properly validate the “confirm” parameter in URL, a logged-in achievo user may be tricked to access an URL leading to deletion of tasks or projects without user.s confirmation. Proof of Concept: 1) To delete a project: http://server/dispatch.php?atknodetype=project.project&atkselector=project.id='XXXX'&atkaction=delete&atklevel=1&atkprevlevel=0&confirm=Yes (where XXXX is the project ID number) 2) To delete an activity: http://server/dispatch.php?atknodetype=timereg.hours&atkaction=delete&atkselector=hoursbase.id='XXXX'&confirm=Yes (where „XXXX. is the actual ID of the activity to be deleted) Note: Even though a confirmation message is displayed to the user, at that point the activity has already been deleted.
It is possible to create and delete arbitrary activities to and from arbitrary users by modifying IDs in client requests.
Browser Injection for handling() by Javascript-SQLi Codes. Javascript code: javascript:document.cookie="alezalogin=login='or'level=11&pass='or';path=/"; Go to http://[Victim]/admin
Services By CQR