Because of an insecure ulimit value, users inside the CLI can run a “fork bomb” to saturate system resources.
Multiple reflected cross-site scripting vulnerabilities were found in Ironmail's Web Access console because the application fails to sanitize user-supplied input. The vulnerabilities can be triggered by any logged-in user.
Any user inside the CLI can read some files that expose usernames and other internal information.
Ironmail was found to allow any CLI user to run arbitrary commands with Admin rights, due to improper handling of environment variables.
A Local File Inclusion (LFI) vulnerability exists in the com_appointment version 1.5 component for Joomla. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.
A Local File Inclusion (LFI) vulnerability exists in the com_datafeeds version 880 component of Joomla. An attacker can exploit this vulnerability to include local files on the affected system. This can be done by sending a specially crafted HTTP request to the vulnerable system, containing directory traversal characters (e.g. '../') in the 'controller' parameter of the vulnerable component.
A Local File Inclusion (LFI) vulnerability exists in the com_fabrik component of Joomla. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains a maliciously crafted parameter which can be used to include arbitrary files from the server. This can be used to gain access to sensitive information such as system files, configuration files, and source code.
A local file inclusion vulnerability exists in com_hsconfig version 1.5, which is a component of Joomla. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences to the vulnerable server. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.
A Local File Inclusion (LFI) vulnerability exists in the Joomla Component Joomla Flickr version 1.0.x. An attacker can exploit this vulnerability to include local files on the affected system. This can be exploited to gain access to sensitive information or execute malicious code.
A Local File Inclusion (LFI) vulnerability exists in the Joomla Component Juke Box version 1.7. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The request contains a crafted parameter value, which is then used to include a file from the local file system. This can be used to gain access to sensitive information or execute malicious code on the vulnerable server.