Explore all Exploits:

django_cve_2019_19844_poc

This PoC exploits a vulnerability in Django which allows an attacker to bypass authentication by using a specially crafted email address. The attacker can use this vulnerability to reset the password of any user in the system and gain access to their account.

Microsoft Outlook VCF cards – Denial of Service (PoC)

Windows VCF cards do not properly sanitize email addresses, allowing for HTML injection. A corrupt VCF card can cause all of the user's currently open files and applications to be closed and their session to be terminated without requiring any accompanying attacker-supplied code. This can be done by crafting the Mailto link to point to Windows 'logoff.exe'. The corrupt VCF card can then kill all of the user's applications and also log the target off their computer, if the VCF card is opened using Windows Contacts and the link is clicked.

Voyager 1.3.0 – Directory Traversal

Voyager 1.3.0 and below is vulnerable to Directory Traversal. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'path' parameter of the '/admin/voyager-assets' URL. A remote attacker can send a specially crafted request to the vulnerable application and gain access to arbitrary files on the server, including the Laravel environment file. This can lead to further attacks such as remote code execution.

FTPGetter Professional 5.97.0.223 – Denial of Service (PoC)

The FTPGetter Professional v.5.97.0.223 FTP client suffers from a NULL pointer dereference vulnerability: the program does not properly handle user input when the 'Run program' field is set under profile properties, and the vulnerability triggers when the profile is executed.

SpotFTP FTP Password Recovery 3.0.0.0 – ‘Name’ Denial of Service (PoC)

SpotFTP FTP Password Recovery 3.0.0.0 is vulnerable to a denial of service attack when a maliciously crafted input is sent to the 'Name' field. An attacker can exploit this vulnerability by creating a file (poc.txt) containing a large number of characters and then copying and pasting the characters into the 'Name' field, which will cause the application to crash.

Recent Exploits: