A vulnerability exists in CmS version 5.0, where an attacker can inject malicious SQL queries via the 'IndustryID' parameter in the 'category.php' script. An attacker can use the 'union all select' statement to extract sensitive information from the database, such as login credentials.
MultiThreaded HTTP Server v1.1 is a Java-based HTTP server. This is the latest version of the application available. MultiThreaded HTTP Server is vulnerable to remote directory traversal attacks.
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. This vulnerability can be exploited to force a logged-in Administrator to run arbitrary SQL commands or create a new user with Full Privileges.
A Cross-Site Scripting (XSS) vulnerability has been discovered in CactuShop. This vulnerability occurs in the file that processes the user invoices (_invoice.asp). A malicious user can abuse this flaw by requesting an invoice and thus tricking an admin user into issuing him an invoice.
A vulnerability in the Joomla component com_portfolio allows an attacker to read sensitive files on the server. The vulnerability exists due to insufficient validation of user-supplied input in the 'w' and 'src' parameters of the phpThumb.php script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This will allow the attacker to read sensitive files on the server, such as the /etc/passwd file.
This vulnerability allows an attacker to cause a denial of service (DoS) by sending a specially crafted ogg file to a vulnerable web server. The server will then crash due to the large number of audio tags in the HTML code. The crash reporter for Mac OSX 10.5.8 seems to think this is an EXEC_BAD_ACCESS.
Comment sender's name is not filtered and can be used to inject malicious code.
Remote users can upload files without authentication. After software installation it is still possible for remote users to reinstall the software without authentication.
The vulnerability exists due to the failure of the /e107_admin/users.php script to properly verify the source of the HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, or disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability. The following PoC is available: <form method=POST action=http://host/e107_admin/users.php name=main> <input type=hidden name=userid value=2> <input type=hidden name=userip value=1.2.3.4> <input type=hidden name=useraction value=admin> </form> <script>document.main.submit();</script>
A local file inclusion vulnerability exists in com_mmsblog version 2.3.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.