
Explore Vulnerabilities


Explore all Exploits:

Windows Skype Client URI Handler Vulnerability

The Windows Skype client implements two URI handlers, Skype: and Skype-Plugin. Both handlers allow for easy browser integration and are supported by all modern browsers. When a Skype link is clicked, the Skype.exe process is spawned with the /URI: command argument, followed by the user-specified phone number or contact name. Due to a flaw in the user input validation currently performed by Skype, it is possible to append additional command line arguments, which are subsequently processed during the launch of Skype.exe. Security-Assessment.com found that the /Datapath argument can be included and directed to a remote SMB share directly through the Skype URI handler. The Datapath argument specifies where the Skype configuration files and security policy are kept. Specifying a Datapath argument will override any local security policy defined in the Windows registry. This allows a remote user to control the Skype configuration and security policy of the local client instance of Skype. Settings such as a remote proxy can be

Joomla com_products ‘intCategoryId’ Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the Joomla com_products component. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.

Eros Erotik Webkatalog start.php (rubrik&id) SQL Injection

A SQL injection vulnerability exists in the Eros Erotik Webkatalog start.php script, which allows an attacker to execute arbitrary SQL commands via the 'go' and 'id' parameters. An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious SQL statements to the vulnerable script. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and emails stored in the database.

Joomla com_about Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable Joomla application. The request contains a malicious SQL query in the 'id' parameter of the 'com_about' component. This can allow the attacker to extract information from the database, such as usernames, passwords, and emails.

Recent Exploits: