The vulnerability allows an attacker to inject SQL commands. Proof of Concept: http://localhost/[PATH]/pages/single_blog.php?id=[SQL] %31%20%20%2f%2a%21%31%33%33%33%37%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%31%33%33%33%37%53%45%4c%45%43%54%2a%2f%20%31%2c%76%65%72%73%69%6f%6e%28%29%2c%33%2c%34%2c%35%2c%36%2d%2d%20%2d
The vulnerability allows an attacker to download arbitrary files from the vulnerable Joomla! component Jtag Members Directory 5.3.7. An attacker can send a specially crafted request to the vulnerable component in order to download an arbitrary file.
The vulnerability allows an attacker to inject HTML code, edit tickets, etc.
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
A vulnerability has been discovered in Gnew, which can be exploited by malicious people to conduct cross-site request forgery attacks. This can be used to escalate privileges in the targeted application.
DICOM Web Viewer is a component written in PHP. In version 6.6.2, it is vulnerable to SQL injection. This allows an unauthenticated remote attacker to execute arbitrary SQL commands and obtain private information. Admin credentials aren't required. The 'username' and 'email' POST parameters are vulnerable.
DICOM Web Viewer is a component written in PHP that is part of PacsOne software. In version 6.6.2, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the web user has access to. Admin credentials aren't required. The 'path' parameter via GET is vulnerable.
A Denial of Service (DoS) vulnerability was discovered in MuJS, a lightweight JavaScript interpreter, due to an interactive call between two functions. An attacker can exploit this vulnerability by sending a specially crafted JavaScript file to the interpreter, causing a stack overflow and resulting in a DoS condition. The vulnerability was fixed in commit 4d45a96e57fbabf00a7378b337d0ddcace6f38c1.
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. Inside the function js_strtod, after the line exp = -exp; the value of 'exp' is still negative (because 'exp' is declared as an integer).
This exploit allows an attacker to execute arbitrary code on a vulnerable BMC BladeLogic RSCD agent. It uses XMLRPC to send a request to the agent, which then executes the code. The exploit was tested on version 8.3.00.64 of the agent.