The Zomplog CMS 3.9 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability to change the admin password or create a new admin user. The attacker can craft a malicious HTML page containing a form with hidden fields and submit it to the vulnerable application. The application will process the request without any user interaction.
The vulnerability exists in the 'Name' field of the 'Add a New Comment' form. An attacker can inject HTML or JavaScript code in the 'Name' field, which will be executed when the page is viewed by other users.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'folder_level' parameter to the '/maincore.php' script. A remote attacker can include arbitrary local files and execute arbitrary PHP code on the vulnerable system.
Computer Associates Advantage Ingres 2.6 is affected by multiple buffer overflow vulnerabilities. The iigcc service overflows a buffer when a large amount of data is sent to the service: a pointer is overwritten at byte 2106, and the service crashes while executing MOV EAX,DWORD PTR DS:[EDX+8]. The iijdbc service also overflows a buffer when a large amount of data is sent to the service: a pointer is overwritten at byte 1066, and the service crashes while executing CMP ECX,DWORD PTR DS:[EDI+4].
The CMS is vulnerable to an SQL Injection attack when input is passed to the 'news_id' parameter. The script fails to properly sanitize the input before it is returned to the user, allowing the attacker to compromise the entire DB system and view sensitive information.
Saurus CMS 4.7.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows a malicious hacker to change the password of a user and also change the website information. The PoC 1 demonstrates how a malicious hacker can change the website information, while the PoC 2 demonstrates how a malicious hacker can change the user's password.
sFileManager version <= v.24a is vulnerable to Local File Inclusion. When the user clicks to download a file, two parameters are passed: action and pathext. The pathext parameter is checked for malicious input; the action parameter, however, is not checked and can be used to read any file on the server.
This vulnerability is caused by a buffer overflow in Adobe Acrobat Reader. It occurs when a specially crafted TTF font file is opened in Adobe Acrobat Reader. The vulnerability can be exploited to execute arbitrary code on the target system.
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
ACollab, as described by its vendor, is an accessible, open source, multi-group, Web-based collaborative work environment. ACollab is available as a standalone collaborative work environment that will run on its own. ACollab is ideal for groups working at a distance developing documentation, collaborating on research, or writing joint papers.
All of the parameters are sanitized correctly before being used in SQL queries, except for the POST parameters 'login' and 'password' in the 'sign_in.php' page. These parameters can be used for injecting arbitrary SQL queries; the 'login' parameter is single quoted and the 'password' parameter is single parenthesized, single quoted.
The ACollab CMS uses two mechanisms for authentication: one for the master admin user, which is based on a hard-coded username/password initialized in the installation process, and a DB-based authentication for all other users, including the group administrators, who can add/remove/edit all posts and news and ... from forums and the first screen of the website. The second authentication mechanism can be bypassed.
Go to the sign in page at 'victim.net/ACollab/sign_in.php' and use the following vectors for injecting your desired SQL query, namely $Q:
- In the Username field (login POST parameter): ' or $Q or ''='
- In the Password field (password POST parameter): ' or $Q or ''='
Go to the sign in page at 'victim.net/ACollab/sign_in.php' and use the following vectors for bypassing the authentication:
- In the Username field (login POST parameter): ' or 1=1 or ''='
- In the Password field (password POST parameter): ' or 1=1 or ''='