nfs_mount() does not sufficiently validate input when copying data passed in the struct nfs_args from userspace to the kernel. Specifically, the file handle to be mounted (nfs_args.fh) and its size (nfs_args.fhsize) are completely user-controllable. This can cause a kernel stack overflow which leads to privilege escalation in 7.3-RELEASE and 7.2-RELEASE, and a kernel crash / denial-of-service in 8.0-RELEASE (due to SSP/ProPolice).
The vulnerability is caused by an improper check in the “com.trend.iwss.gui.servlet.exportreport” servlet, allowing the download of arbitrary files. Using a path traversal technique, an attacker can change the original path to the file by modifying the “exportname” parameter. The servlet “com.trend.iwss.gui.servlet.ConfigBackup” is also affected by this vulnerability, in the “pkg_name” parameter.
Cross-site Scripting (XSS) and SQL Injection vulnerabilities were discovered in P30vel. An attacker can inject malicious code into the vulnerable application to execute arbitrary HTML and script code in the context of the affected site, or to access, modify and delete data in the back-end database.
A file upload vulnerability allows an attacker to upload malicious files to a web application. Here it exists in an input field that lets users upload files from their local machine to the web server. The vulnerable web application is http://www.p30vel.ir/Software-Index-P30vel.ir/siteadmin/doupload.php, which allows users to upload files with the extensions .php, .png, .bmp, .jpeg, and .gif. An attacker can exploit this vulnerability by uploading a malicious file to the web server, which can then be used to execute arbitrary code on the server.
A buffer overflow vulnerability exists in BlazeDVD v6 when a specially crafted .plf file is opened, which could allow an attacker to execute arbitrary code. The vulnerability is due to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can exploit this vulnerability by enticing a user to open a specially crafted .plf file. Successful exploitation could result in arbitrary code execution in the context of the application.
The Joomla JE Ajax event calendar component has a SQL injection vulnerability which allows an attacker to inject malicious SQL queries into the application. The vulnerability is present in the 'view' parameter of the component, which can be exploited to execute arbitrary SQL commands. The attacker can use this vulnerability to gain access to sensitive information stored in the database, such as user credentials and other confidential data.
A SQL injection vulnerability exists in Boat Classifieds, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is triggered when an attacker sends a specially crafted HTTP request to the printdetail.asp page with an invalid Id parameter. This can be exploited to gain access to sensitive information from the database, such as user credentials and other confidential data.
K-Search provides a way to start a meta-search engine and earn money by displaying relevant sponsored results taken from Pay Per Click feeds or from the operator's own sponsors. An attacker can exploit the SQL Injection vulnerability by sending a crafted request to the application with a malicious SQL query. An attacker can exploit the XSS vulnerability by sending a crafted request to the application with malicious JavaScript code.
Softbiz PHP FAQ Script is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious SQL query to the vulnerable server. The malicious SQL query can be used to extract sensitive information from the database, such as usernames and passwords. The vulnerable parameter is the ‘id’ parameter in the ‘print_article.php’ script. An attacker can use the ‘substring’ function to extract the version of the database installed on the server. The attacker can then use the ‘select’ statement to extract the data from the database.
Boat Classifieds is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords.