This version of Personal.Net Portal(2.8.1) have Multiple Valnerabilities : User's Information Revelation, Upload a file with normal user that have low privilage, Persistent XSS for DDOS and remove Roles and ... (XSRF). With this path you can find User's Information of site: http://Example.com/Data/Statistics/Logins.xml. This Information includes: UserId, LoginCount, LastLogin, LoginName (for Example Admin), FirstName, LastName. After you logged in as a normal user (for example userName:user and Password:user), in the following path you can upload a specific file with POST Method which is containing user's cookie. http://Example.com/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=FileUpload&Type=File&CurrentFolder=/
In cms_write.php is no check if the user has administration rights. Because of that, there are 2 more vulnerabilities. The title, Menu-title and Content a user can submit are inserted directly into the database and inserted in the html-code on the page without and sanitizing at all. Postdata for Injection: title=&menutitle=home' AND (SELECT 1)='1&content=&submit=OK. One can inject via title or menutitle, both are vulnerable. On success, you'll see the message: 'H selida yparxei'.
RarCrack v0.2 is vulnerable to a buffer overflow vulnerability due to the lack of bounds checking on the 'filename' variable in the init() function. This allows an attacker to overwrite the return address of the function and execute arbitrary code.
Microsoft DRM technology (msnetobj.dll) ActiveX suffers from multiple remote vulnerabilities such as buffer overflow, integer overflow and denial of service (IE crash). This issue is triggered when an attacker convinces a victim user to visit a malicious website. The "GetLicenseFromURLAsync" function does not handle input correctly. Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in browser crashes.
LightNEasy Cms 3.2.1 is vulnerable to Blind SQL Injection. The vulnerability exists due to the lack of sanitization of the $_POST['handle'] parameter before executing the database query. An attacker can exploit this vulnerability by sending a malicious URL with postdata containing a UNION SELECT statement with a BENCHMARK() function. This will trigger benchmark() if the first character of the admin hash is b.
The VWD-CMS have CSRF Vulnerability in order to remove any Role especially Admins Role. With this Vulnerability, an attacker can navigate the admin to visit a malicious site (when he is already logged in) to remove a role. The malicious site contains an HTML file with AJAX code and a GET method for this operation, which is enough to make the admin meet it.
RarCrack doesn't check the length of the archive and while cracking it crashes.
A vulnerability in Opencart allows an attacker to upload a malicious file to the server. The vulnerability exists in the 'File Upload' feature of the FCKeditor, which is used by Opencart. An attacker can exploit this vulnerability by sending a malicious file to the server via the 'File Upload' feature. The malicious file can then be accessed via the URL http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php or http://server/shell.php.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The attacker can inject malicious SQL queries into the vulnerable parameter and execute arbitrary SQL commands in the back-end database.
The default installation of SmarterMail is vulnerable to 1 (or more) of the file fuzzing types contained within FuzzDB and Burp Suite Pro 1.3.08 as a baseline analysis for exploit surface modeling. Reduced to exploits, Directory Traversal, OS Injection and Execution. Initial Exploit Requires user-level privs. A malicious user seeking to exploit Browser Clients can launch attacks from the User Home / Public Web Directory utilizing the SSL Certificate of the Host Provider. A malicious user seeking to exploit the Host Server can launch attacks as Local File Inclusion or Remote File Inclusion and perform Operating System Injections and Execution. A malicious user can read and write directories, files and perform malicious operations due to the default configuration of smartermail.
Services By CQR