An HTML injection vulnerability has been discovered in PHP TopSites. The issue occurs due to insufficient sanitization of user-supplied data. By injecting HTML code into the <body> tag of the description page when submitting a website, it may be possible to cause an administrator to edit or delete database entries. This issue occurs when an unsuspecting administrator loads the submitted description. This vulnerability also affects the 'edit.php' script.

A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another user's cookie information or other sensitive data. This issue can be exploited by constructing a malicious URL containing embedded script code as a 'help.php' parameter. When an unsuspecting user follows the link, sensitive information, such as cookie-based authentication credentials, may be obtained by the attacker.

A weakness has been discovered in PHP TopSites. It has been reported that users' passwords are stored in plaintext and are thus visible to TopSites administrators. This poses a security risk, as TopSites script users may use the same passwords on other systems.

A vulnerability has been discovered in PHP TopSites. Due to insufficient sanitization of user-supplied data, it may be possible for an attacker to inject arbitrary SQL code into the 'edit.php' script. This issue can be exploited by constructing a malicious URL containing embedded SQL code as an 'edit.php' parameter. When an unsuspecting user follows the link, the SQL code may be executed in the context of the vulnerable script.
The application allows users to upload files to the server without any restrictions. An attacker can upload malicious files to the server and execute arbitrary code on the device. The application contains a hard-coded backdoor that allows an attacker to gain unauthorized access to the device. The application is vulnerable to cross-site request forgery, command injection, denial of service, and information disclosure attacks. The application contains code that has been reused from other applications.
The vulnerability is a hard-coded backdoor within the CGI binary '/cgibin/webproc'. This backdoor allows an attacker to execute arbitrary commands as root without authentication.
A buffer overflow vulnerability exists in the proxy options of GetGo Download Manager 5.3.0.2712, where a maliciously crafted response from a proxy can trigger an overflow. The victim must have a proxy selected in order to be vulnerable. The attacker sets the proxy IP to that of the host running the script and sets the proxy port in GetGo under proxy settings. When the victim downloads any page or file, the program passes the request to the malicious host and incorrectly parses the response, triggering the overflow.
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self-hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing. Login, signup and other common events are logged into a PHP file in the /logs/ directory with the given input. The vulnerable parameter is "page", which is used to include files from the /pages/ directory. The parameter is not sanitized and can be used to include remote files.
This module exploits a command injection vulnerability. Unauthenticated users can register a new account and then execute a terminal command in the context of the root user. The specific flaw exists within Xplico, which listens on TCP port 9876 by default. The goal of Xplico is to extract the application data contained in an internet traffic capture. There is a hidden endpoint inside Xplico that allows anyone to create a new user. Once the user is created through the /users/register endpoint, it must be activated via an activation e-mail. After registration, Xplico tries to send an e-mail containing the activation code. On most installations this e-mail will probably never reach the given e-mail address. However, it is possible to calculate exactly the same token value because an insecure cryptographic random string generator function is used. One of Xplico's features is parsing PCAP files. Once a PCAP file is uploaded, Xplico executes an operating system command in order to calculate the checksum of the file. The file name used for this operation is taken directly from user input and then used inside the command without proper input validation.
The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in version < 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.
Spectre is a vulnerability that affects modern microprocessors that perform branch prediction. It allows an attacker to potentially read all memory, including memory allocated to the kernel and other programs. The attack works on Intel, AMD, and ARM processors. It was discovered by Google Project Zero and was publicly disclosed on January 3, 2018.
This vulnerability allows an attacker to retrieve information from the database.

Vulnerable parameter: '$model.jobHistoryId'.

Exploit:

True condition: https://[victim]:4000/xDashboard/html/jobhistory/jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133 and 1=1

False condition: https://[victim]:4000/xDashboard/html/jobhistory/jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133 and 1=2
IOHIDeous is a macOS kernel exploit based on an IOHIDFamily 0day. It consists of three parts: poc, leak and hid. poc panics the kernel to demonstrate the presence of a memory corruption, leak leaks the kernel slide, and hid achieves full kernel r/w. Use of the exploit requires root and SIP to be disabled, and it can be built using the make command.