A Local File Inclusion (LFI) vulnerability exists in Joomla Component simpledownload version 0.9.5 and possibly earlier versions. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../') to the vulnerable application. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.
There are security controls in place that attempt to prevent users from uploading PHP files and from renaming uploaded files to PHP extensions. However, no additional controls prevent a user from uploading a text file containing PHP code. An attacker can exploit a weakness in the file rename process to rename a text file (containing code) to a .php extension and execute the script. This exploit demonstrates a way to backdoor File Thingie by uploading an *.inc file that contains a backdoored copy of File Thingie, then uploading a *.txt file containing PHP code that overwrites ft2.php so that the backdoored copy of File Thingie is executed. The *.txt file first has to be renamed to *.php and then requested in the browser.
A SQL injection vulnerability exists in the Joomla Component com_camp, which allows an attacker to execute arbitrary SQL commands via the 'cid' parameter in a 'show' task. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can be done by appending a malicious SQL query to the 'cid' parameter in the HTTP request.
This exploit uses JIT spraying to bypass DEP and ASLR. It uses the address 0x09090101 as the target of a CALL into the JIT-sprayed shellcode, and the shellcode executes system("notepad"). The exploit is triggered by navigating from START.htm to iff.htm, then to if1.htm, and finally to 0day.html.
CompactCMS 1.4.0 is vulnerable to remote file upload.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The request contains a malicious SQL query in the BuyerID parameter which can be used to extract sensitive information from the database.
A Local File Inclusion (LFI) vulnerability exists in Joomla Component MS Comment version 0.8.0b and possibly lower versions. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to read sensitive files on the server, such as the /etc/passwd file.
An attacker may inject JavaScript code into the URL. Example: https://[VMware_Portal_IP]/not_a_real_page<SCRIPT>alert(/XSS/.source)</SCRIPT>
A vulnerability exists in Alibaba Clone Platinum, where an attacker can inject malicious SQL queries into the 'ProductID' and 'BuyerID' parameters of the 'buyer/index.php' page. This can be exploited to disclose the admin credentials by using the UNION SELECT statement.
A SQL injection vulnerability exists in Heaven Soft CMS v4.7 (photogallery_open.php) which allows an attacker to execute arbitrary SQL commands via the 'cid' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application.