Explore Vulnerabilities

Explore all Exploits:

php-fusion 9.03.50 – Persistent Cross-Site Scripting

Persistent cross-site scripting (stored XSS) vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to /infusions/faq/faq_admin.php and /infusions/shoutbox_panel/shoutbox_admin.php. An attacker can inject malicious JavaScript code into the application, which will be executed in the browser of the victim when the vulnerable page is accessed.

Online Scheduling System 1.0 – Persistent Cross-Site Scripting

Online Scheduling System v1.0 suffers from an authenticated persistent cross-site scripting vulnerability. This Proof of Concept (PoC) will cause all users of the system, with read access to the courses, to execute arbitrary client-side code when viewing the 'Home' and 'List' tabs within the web application. The application fails to sanitize arguments supplied by the user before inserting them into the SQL database.

VirtualTablet Server 3.0.2 – Denial of Service (PoC)

A denial of service vulnerability exists in VirtualTablet Server 3.0.2 (14) due to improper input validation. An attacker can send a specially crafted request containing an overly long string to the vulnerable server, resulting in a denial of service condition.

hits script 1.0 – ‘item_name’ SQL Injection

The hits script 1.0 is vulnerable to SQL Injection in the 'item_name' parameter of the ipn.php file. The parameter is used in a MySQL query without proper sanitization, allowing an attacker to inject malicious SQL code. The 'custom' parameter of the ipn.php file is also vulnerable to SQL Injection in a similar manner. The 'item_name' and 'mc_gross' parameters of the ipn.php file are also vulnerable to SQL Injection when used in a MySQL query without proper sanitization.

Internet Download Manager 6.37.11.1 – Stack Buffer Overflow (PoC)

Multiple stack buffer overflow vulnerabilities have been discovered in the official Internet Download Manager v6.37.11.1 software. The buffer overflows allow an attacker to overwrite registers of the process and compromise the file system by elevating local process privileges. The first stack buffer overflow is located in the `search` function of the downloads menu. The search function does not apply any secure restriction to the requested search variable of the inputs. Local attackers with access to the software are able to overflow the registers to elevate local process privileges. The second stack buffer overflow is located in the `Export/Import` function of the tasks menu. Local users are able to import and export the download tasks as *.ef2 files. Local attackers are able to import manipulated *.ef2 files with a manipulated referer and source URL to overwrite the EIP register. The third stack buffer overflow is located in the `Download` function of the tasks menu. Local users are able to download files with a manipulated referer and source URL to overwrite the EIP register. The fourth, fifth, sixth, seventh, eighth, ninth and tenth stack buffer overflows are located in the `Download` function of the tasks menu. Local users are able to download files with a manipulated referer and source URL to overwrite the EIP register.

Easy Transfer v1.7 iOS – Multiple Web Vulnerabilities

A directory traversal web vulnerability has been discovered in the Easy Transfer Wifi Transfer v1.7 iOS mobile application. The vulnerability allows remote attackers to change the application path in performed requests to compromise the local application or file system of a mobile device. For example, attackers are able to request environment variables or a sensitive system path.

School ERP Pro 1.0 – Arbitrary File Read

School ERP Pro 1.0 is affected by an arbitrary file read vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request containing a maliciously crafted document parameter to the vulnerable download.php script. This can allow an attacker to read sensitive files from the server.

NVIDIA Update Service Daemon 1.0.21 – ‘nvUpdatusService’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
