Zenphoto CMS 1.3 is vulnerable to multiple CSRF vulnerabilities. An attacker can exploit these vulnerabilities to change the admin password, alter enabled status, and modify the admin rights of the user.
The attacker can insert an XSS script in the profile section in the following fields: Details option, Gaming Connections option, My Contact Info option, Options option. Attack Pattern: '>><marquee><h1>XSS3d By Sid3^effects</h1><marquee> once inserted, go to your profile to check it.'
dotDefender is prone to XSS because it does not sanitize input variables correctly. The dotDefender WAF is vulnerable to injection of obfuscated JavaScript code based on reference variable assignment. Blocked: [victim]/search?q=%3Cimg%20src=%22WTF%22%20onError=%22{var%20{3:s,2:h,5:a,0:v,4:n,1:e}=%27earltv%27}[self][0][v%2Ba%2Be%2Bs]%28e%2Bs%2Bv%2Bh%2Bn%29%28/0wn3d/.source%29%22%20/%3E Unblocked: [victim]/search?q=%3Cimg%20src=%22WTF%22%20onError=alert(/0wn3d/.source) %20/%3E
Diferior CMS 8.03 is vulnerable to multiple CSRF vulnerabilities. An attacker can exploit these vulnerabilities to change the admin password, change the admin email address, and ban a user. The attacker can also change the password and email address of other users by changing the value of the 'cust_user' parameter in the POST request.
This is a proof of concept showing that it is possible to write ROP exploits that are portable to different operating systems. The exploit uses the following variables: 1. "Offset": The offset to the SEH overwrite 2. "Offset2": The offset before the ROP code starts in the buffer 3. "K32Offset": The offset to the kernel32 pointer on the stack 4. "VPOffset": The offset to VirtualProtect() from the grabbed kernel32 address 5. "ASLR": Activates or deactivates the ASLR-bypassing ROP code. The K32Offset and VPOffset values are negated hex numbers, to evade the null-byte problem.
I-net Enquiry Management Script has a SQL injection vulnerability. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by manipulating the 'id' parameter in the 'viewaddedenquiry.php' page.
Joomla Component QContacts (com_qcontacts) is vulnerable to SQL Injection. The vulnerable parameters are Itemid, id and catid. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a SQL query in the form of a URL parameter. This can be used to extract sensitive information from the database.
Opera.html is a malicious HTML file that contains a script which triggers an out-of-bounds read vulnerability in Opera. The vulnerability is triggered when the script calls the getImageData() function with a large width and height parameter. This causes the browser to read data outside of the allocated memory, which can lead to a crash or information disclosure.
Corel WordPerfect is prone to a remote buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input in .SHW (Presentations Slide Show) files. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Grafik CMS 1.1.2 is vulnerable to multiple CSRF attacks. An attacker can exploit these vulnerabilities to change the admin password, create a new admin user, delete a user, delete a page, and log out the administrator.