Exploit: Thrive Smart Home 1.1 – Authentication Bypass

The application suffers from an SQL injection vulnerability. Input passed through the 'user' POST parameter of checklogin.php is not properly sanitised before being used in an SQL query. An attacker can inject arbitrary SQL into the login query and bypass the authentication mechanism without a valid password. The fix is to pass the parameter to a parameterised (prepared) statement rather than concatenating it into the query string.

Exploit: HomeAutomation 3.3.2 – Persistent Cross-Site Scripting

HomeAutomation is an open-source web interface and scheduling solution. It was initially written for the Telldus TellStick, but is now based on a plugin system and, besides TellStick, also supports Crestron, OWFS and Z-Wave (via OpenZWave). It controls devices (switches, dimmers, etc.) according to an advanced scheduling system that takes input such as measurements from various sensors into account. HomeAutomation suffers from multiple stored and reflected XSS vulnerabilities: input passed via several parameters to several scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. Because some of the injection points are stored, a payload persists and fires for every user who later loads the affected page, not only for the victim who follows a crafted link.

phpMyChat-Plus 1.98 – ‘pmc_username’ Reflected Cross-Site Scripting

The 'pmc_username' parameter of pass_reset.php is vulnerable to reflected XSS.

Payload: '><script>alert('xss')</script>

Vulnerable URL: http://localhost/plus/pass_reset.php?L=english&pmc_username=''><script>alert('xss')</script>

CVE-2019-18935: Remote Code Execution in Telerik UI

This vulnerability allows an attacker to execute arbitrary code on the target server by exploiting an insecure .NET deserialization flaw in the RadAsyncUpload handler of Telerik UI for ASP.NET AJAX. The attacker first uploads a malicious DLL to the target server through the file-upload handler, then triggers the insecure deserialization to load that DLL into the application. Exploitation requires knowledge of the RadAsyncUpload encryption keys, which an attacker may obtain where the default keys are still in use or through a separate key-disclosure weakness, so rotating those keys and updating Telerik UI are both part of remediation.

XNU function wait_for_namespace_event() Race Condition

The XNU function wait_for_namespace_event() in bsd/vfs/vfs_syscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fp_free(), which unconditionally frees the fileproc and fileglob. This opens a race window during which the process can manipulate those objects while they are being freed. Exploitation requires root privileges.

First the file descriptor (indx) and fileproc (fp) are allocated using falloc(). At this point the file descriptor is reserved, and hence unavailable to userspace. Next, procfdtbl_releasefd() is called to release the file descriptor for use by userspace. After the subsequent proc_fdunlock(), another thread in the process can access that file descriptor via another syscall, even while wait_for_namespace_event() is still running.

This is problematic because the error path of wait_for_namespace_event() (reachable if copyout() fails) expects to be able to free the file descriptor with fp_free(). fp_free() is a very special-purpose function: it clears the file descriptor, frees the fileglob, and frees the fileproc, without taking into consideration whether the fileproc or fileglob are referenced anywhere else. Its precondition is that the caller holds the only reference, which stops being true as soon as the descriptor has been published.

One way to violate these expectations is to call filt_fileattach() in the race window. This attaches a filter to the fileproc, and the filter holds a reference to the fileproc. When fp_free() is then called, the fileproc is freed regardless of that reference, and the filter remains attached, now pointing at freed memory.
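The ordering problem described above, modelled in user-space C as an added example. This is not XNU source and the "publish last" variant is an illustrative fix for the model, not the actual XNU patch. The model_* functions, the static pool, and the `freed` flag (used instead of a real free() so the use-after-free is observable without undefined behaviour) are all hypothetical stand-ins for falloc(), procfdtbl_releasefd(), fp_free() and filt_fileattach(); the "second thread" is simulated by a direct call inside the race window.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define NFDS 4

/* Hypothetical stand-in for XNU's fileproc: a refcount plus a teardown
 * flag, so a dangling reference can be detected without real free(). */
struct fileproc {
    int refs;    /* fd-table reference plus any attached filters */
    bool freed;  /* set once the object has been torn down */
};

static struct fileproc pool[NFDS];     /* constructed object pool */
static struct fileproc *ofiles[NFDS];  /* published: reachable from userspace */
static bool reserved[NFDS];            /* allocated but not yet published */

static void reset_model(void) {
    memset(pool, 0, sizeof pool);
    memset(ofiles, 0, sizeof ofiles);
    memset(reserved, 0, sizeof reserved);
}

/* Model of falloc(): reserve a slot that userspace cannot see yet. */
static int model_falloc(struct fileproc **fpp) {
    for (int i = 0; i < NFDS; i++) {
        if (!reserved[i] && ofiles[i] == NULL) {
            reserved[i] = true;
            pool[i].refs = 1;
            *fpp = &pool[i];
            return i;
        }
    }
    return -1;
}

/* Model of procfdtbl_releasefd(): publish the slot to userspace. */
static void model_releasefd(int fd, struct fileproc *fp) {
    reserved[fd] = false;
    ofiles[fd] = fp;
}

/* Model of fp_free(): clear the slot and destroy the object without
 * regard to any other outstanding reference. */
static void model_fp_free(int fd, struct fileproc *fp) {
    ofiles[fd] = NULL;
    reserved[fd] = false;
    fp->refs = 0;
    fp->freed = true;
}

/* Stand-in for filt_fileattach() running on a second thread inside the
 * race window: look the fd up and take a reference to the fileproc. */
static struct fileproc *model_fileattach(int fd) {
    struct fileproc *fp = ofiles[fd];
    if (fp != NULL) fp->refs++;
    return fp;
}

/* Vulnerable ordering: publish, then fail (copyout_ok == false), then
 * fp_free() while a filter may already hold a reference. */
static int open_publish_first(bool copyout_ok, bool racer, struct fileproc **filter_ref) {
    struct fileproc *fp;
    int fd = model_falloc(&fp);
    if (fd < 0) return -1;
    model_releasefd(fd, fp);                       /* now reachable by other threads */
    if (racer) *filter_ref = model_fileattach(fd); /* the race window */
    if (!copyout_ok) {
        model_fp_free(fd, fp);                     /* ignores the filter's reference */
        return -1;
    }
    return fd;
}

/* Illustrative safe ordering: keep the slot reserved until the fallible
 * step has succeeded, so the error path really does hold the only reference. */
static int open_publish_last(bool copyout_ok, bool racer, struct fileproc **filter_ref) {
    struct fileproc *fp;
    int fd = model_falloc(&fp);
    if (fd < 0) return -1;
    if (racer) *filter_ref = model_fileattach(fd); /* unpublished slot: lookup finds NULL */
    if (!copyout_ok) {
        model_fp_free(fd, fp);
        return -1;
    }
    model_releasefd(fd, fp);
    return fd;
}

/* Drive the failing path with a racing filter attach and report whether
 * the filter is left holding a torn-down fileproc. */
static bool filter_left_dangling(bool publish_first) {
    struct fileproc *filter_ref = NULL;
    reset_model();
    if (publish_first)
        open_publish_first(false, true, &filter_ref);
    else
        open_publish_last(false, true, &filter_ref);
    return filter_ref != NULL && filter_ref->freed;
}
```

filter_left_dangling(true) returns true: the simulated second thread obtained a reference through the published descriptor and fp_free() destroyed the object anyway. With the publish-last ordering the lookup inside the window finds an unpublished slot, so nothing else can reference the object when the error path tears it down.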

Rumpus FTP Web File Manager 8.2.9.1 – Reflected Cross-Site Scripting

A reflected XSS was identified on the Login page of Rumpus FTP Web File Manager.

Payload: ?!'><sVg/OnLoAD=alert`1`//

Vulnerable URL: http://127.0.0.1/Login?!'><sVg/OnLoAD=alert`1`//
