Ziepod/Ziepod+ is vulnerable to cross application scripting when processing an XML subscription. To carry out the attack, the attacker must first serve the malicious XML file on a web server and trick the user into adding it to their subscriptions. Once the XML is automatically loaded, the JavaScript executes, and the attacker is capable of any of the following, depending on the browser: 1. Modify the application contents in Ziepod. 2. View/transfer/write data on the victim machine. 3. Inject malware on the victim machine using, for example, an iframe.
The latest version at the time of this advisory is vulnerable to the attack. It seems all files which the SYSTEM account can read can be accessed remotely; even accessing files on SMB shares located in the local network might be possible. The caveat is that only human-readable files can be read. When subscribing to a mailing list, the user sends an e-mail with a subject like: SUBSCRIBE test-mailinglist@<domainhere>. An attacker can supply dot-dot-slash sequences here to point to a different file than intended.
A vulnerability in PHP-Nuke 7.0/8.1/8.1.35 allows for remote code execution. A blind SQL injection attack is used to bypass AppArmor protection. A malicious user can register a normal account, log in, and use a JavaScript command to obtain a user's cookie. The cookie can then be used to set a cookie with admin privileges.
This exploit targets a Denial of Service (DoS) vulnerability in Firefox 3.6.3 and Safari 4.0.5. It is triggered by malicious JavaScript code that calls the window.print() function. This causes the browser to crash, and the user is unable to access the page. The exploit was discovered by Dr_IDE and tested on Firefox 3.6.3 on OSX 10.6.3 and Safari 4.0.5 on OSX 10.6.3.
Dr_IDE discovered a Denial of Service (DoS) vulnerability in Camino 2.0.2 and Safari 4.0.5. The vulnerability is triggered when a user visits a malicious website containing a script that calls the history.go() function in an infinite loop. The impact of the vulnerability is reduced because the user must either have the popup blocker turned off or accept popups.
Input passed via the "pageid" and "lang" parameters to index.php is not properly sanitised before being used in a SQL query.
WP-SlimStat-Ex is a WordPress plugin that allows users to track their website's traffic. The plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be used to perform administrative actions on behalf of the user. An attacker can exploit this vulnerability by tricking a logged-in administrator into clicking a malicious link. This can be used to delete all the data collected by the plugin, or to add a new administrator account.
This is a proof-of-concept exploit for a stack buffer overflow vulnerability in Beyond Compare 3.0.13 b9599 (.zip). The vulnerability is triggered when a maliciously crafted .zip file is opened, which causes a buffer overflow and allows arbitrary code execution. The exploit code creates a malicious .zip file containing shellcode and padding, which is then used to overwrite the SEH and NSEH registers.
A SQL injection vulnerability exists in Clicksor.com Contextual Advertising. An attacker can send a malicious SQL query to the vulnerable parameters 'page' and 'id' to gain access to the database and extract sensitive information such as usernames and passwords.
DBHcms is a small, free, open-source content management system for personal and small business websites. Stored XSS can be exploited by posting any script as the name in the guestbook. Non-persistent XSS can be exploited by querying the string '><script>alert(1)</script>' in the search.