PerfexCRM 1.9.7 is prone to an unrestricted file upload, caused by a misconfigured elFinder plugin, that leads to system takeover. The misconfigured upload filter is bypassed by using a .php5 file extension, and the file-content restriction is bypassed by adding a TEXT line so that the file is identified as MIME type text.
While most applications require authentication to gain access to private information or to execute tasks, not every authentication method is able to provide adequate security. Negligence, ignorance, or simple underestimation of security threats often result in authentication schemes that can be bypassed by simply skipping the login page and directly calling an internal page that is supposed to be accessible only after authentication has been performed. In addition, it is often possible to bypass authentication measures by tampering with requests and tricking the application into thinking that the user is already authenticated. This can be accomplished either by modifying the given URL parameter, by manipulating the form, or by counterfeiting sessions.
ImgHosting 1.5 is vulnerable to XSS attacks. The affected function is its search engine. Since there is a user/admin login interface, it is possible for attackers to steal the sessions of users and thus of admin(s). By sending users a crafted URL, the injected code will be executed in their browser.
This script will return a reverse shell to the specified listener address and port. Ensure you have started a listener to catch the shell before running it!
A stack buffer overflow vulnerability has been discovered in the official Kentico v9.0, v10.0 and v11.0 content management system software. The vulnerability allows local attackers to compromise the software service and execute system-specific attacks. The vulnerability is located in the `/CMSModules/AdminControls/Controls/Selectors/UserSelector.ascx.cs` file. Local attackers are able to inject their own malicious script code to compromise the software service. The request method used to inject is POST, and the attack vector is located on the application side of the service.
The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash, or any other type of code that the browser may execute. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.
BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI. Every uploaded media item has a comment system where people can post (anonymously as well). The comment system is vulnerable to XSS attacks. Since the XSS is persistent and there is a user login interface, it is possible for attackers to steal the sessions of users and thus of admin(s).
The 'ScanForMissingValues' method uses 'head', but it does not check whether the grown segment 'current' is equal to 'head' before calling the method. This can lead to an out-of-bounds write vulnerability.
The syscall process_policy(scope=PROC_POLICY_SCOPE_PROCESS, action=PROC_POLICY_ACTION_GET, policy=PROC_POLICY_RESOURCE_USAGE, policy_subtype=PROC_POLICY_RUSAGE_CPU, attrp=<userbuf>, target_pid=0, target_threadid=<ignored>) causes 4 bytes of uninitialized kernel stack memory to be written to userspace. If task_get_cpuusage() sets *scope=0 because none of the flags TASK_RUSECPU_FLAGS_PERTHR_LIMIT, TASK_RUSECPU_FLAGS_PROC_LIMIT and TASK_RUSECPU_FLAGS_DEADLINE are set in task->rusage_cpu_flags, proc_get_task_ruse_cpu() does not write anything into *policyp, meaning that cpuattr.ppattr_cpu_attr in handle_cpuuse() remains uninitialized. task_get_cpuusage() and proc_get_task_ruse_cpu() always return zero, so handle_cpuuse() copies cpuattr, including the uninitialized ppattr_cpu_attr field, to userspace.
This module exploits a file upload vulnerability in phpCollab 2.5.1 that could be abused to allow unauthenticated users to execute arbitrary code in the context of the web server user.