The configuration interface for FreePBX is prone to remote arbitrary code execution through the system recordings menu. FreePBX doesn't handle file uploads in a secure manner, allowing an attacker to manipulate the file extension and the beginning of the uploaded file name. When a file is uploaded, a copy is saved temporarily under the /tmp/ directory, where the name of the file is composed of the user number followed by the string 'ivrrecording' and the file extension.
This exploit is related to the Microsoft MPEG Layer-3 Audio Decoder vulnerability which allows an attacker to cause a division by zero error in the l3codeca.acm 1-9-0-306 (XP SP2 – XP SP3) component of Microsoft Windows. The vulnerability is triggered when a specially crafted AVI file is opened, which can lead to a denial of service or potentially allow arbitrary code execution.
A stack-based buffer overflow vulnerability exists in Microsoft Excel 2002 and XP (SP3). An attacker can exploit this vulnerability by sending a specially crafted Excel file to the victim. When the victim opens the file, the attacker's code will be executed in the context of the current user. This can potentially allow the attacker to execute arbitrary code on the victim's machine.
The Collaborative Passwords Manager 1.07 is vulnerable to local file inclusion. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The attacker can include a malicious file from the local system by using the ‘_SESSION[user_language]’ parameter. The malicious file can be included in the following URLs: http://[victim]/?_SESSION[user_language]=[etc/passwd]%00, http://[victim]/sources/admin.queries.php?_SESSION[user_language]=[etc/passwd]%00, http://[victim]/sources/functions.queries.php?_SESSION[user_language]=[etc/passwd]%00, http://[victim]/sources/views.queries.php?_SESSION[user_language]=[etc/passwd]%00, http://[victim]/sources/groups.queries.php?_SESSION[user_language]=[etc/passwd]%00, http://[victim]/sources/items.queries.php?_SESSION[user_language]=[etc/passwd]%00
OvBB v0.16a is vulnerable to multiple Local File Inclusion (LFI) vulnerabilities due to insufficient sanitization of user-supplied input. The vulnerability exists in the 'skins/default' directory, where there are about 67 vulnerable files. An attacker can exploit this vulnerability by sending a crafted HTTP request with maliciously crafted input to the vulnerable application. This can allow an attacker to include and execute arbitrary local files on the server, leading to remote code execution.
GeekLog v1.3.8 is vulnerable to SQL injection through the lid parameter of filemgmt/singlefile.php (filemgmt/singlefile.php?lid=1). An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.
WAnewsletter v 2.1.2 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'id' in the URL. This can be used to extract sensitive information from the database such as user credentials.
A SQL injection vulnerability exists in the Joomla (joostina) component com_ezautos. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database, potentially allowing them to access sensitive information or modify data.
Many numeric parameters are not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
A vulnerability has been identified in "BSI Hotel Booking System" that attackers could exploit to bypass security restrictions and get into the admin panel. The vulnerability is caused by an error in the authentication process of the admin panel login page, which a malicious attacker could exploit to log in to "BSI Hotel Booking System" as an admin. Successful exploitation allows an attacker to access administrative functions without knowing the password. An attacker logged in as admin may expose sensitive information about customers, such as customer name, address, email, and payment methods and details.