ProFTPd 1.3.5 is vulnerable to remote command execution due to a flaw in the mod_copy module. An attacker can exploit this vulnerability by sending a maliciously crafted FTP command to the server. This will allow the attacker to execute arbitrary commands on the server.
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
RarmaRadio 2.72.8 is vulnerable to a Denial of Service attack. By creating a new .txt file with a buffer of 100000 'Ñ' characters and pasting the content in the fields Username, Server, Port and User Agent, the application crashes.
The 'Bar Message' text field of the WordPress Plugin Cookie Law Bar 1.2.1 is vulnerable to stored XSS due to unsanitized user input. An authenticated attacker can retrieve cookies / sensitive data of all WordPress users by injecting a payload into the 'Bar Message' field and saving it. Browsing through the WordPress pages then shows the cookies of all users.
This vulnerability allows an attacker to inject an XSS payload into the add Category field of the page; each time any user opens the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
An unauthenticated attacker can inject PHP code before the initial configuration; that code gets executed, so the attacker can run arbitrary system commands on the server.
A stored cross-site scripting (XSS) vulnerability in Shopizer before version 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration; the input is saved in the database. The code is executed for any user of store administration when information is fetched from the backend. A reflected cross-site scripting (XSS) vulnerability in Shopizer before version 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the 'ref' parameter.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
This vulnerability could permit executing code during startup or reboot with escalated privileges. An attacker could exploit this vulnerability by placing a malicious executable in the same directory as the unquoted service path.
iDailyDiary 4.30 is vulnerable to a Denial of Service attack when a maliciously crafted .txt file is created and its content is pasted in the field below 'Default diary tab name when creating new tabs' in the 'Preferences' tab of the program. This causes the program to crash.