Explore all Exploits:

RSVP Invitation Online 1.0 – Cross-Site Request Forgery (Update Admin Pass)

RSVP Invitation Online 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious HTML page that, when visited by an authenticated user, updates the admin password without the user's knowledge. This is done by sending a POST request to the account.php page with the new password and confirmation parameters.

Affiligator – Affiliate Webshop Management System 2.1.0 – SQL Injection

The vulnerability allows an attacker to inject SQL commands. Proof of Concept: http://localhost/[PATH]/search/?q=&price_type=range&price=[SQL] %31%30%30%20%61%6e%64%28%73%65%6c%65%63%74%21%56%65%72%41%79%61%72%69%2d%7e%30%2e%20%66%72%6f%6d%28%73%65%6c%65%63%74%28%73%65%6c%65%63%74%20%67%72%6f%75%70%5f%63%6f%6e%63%61%74%28%56%65%72%73%69%6f%6e%28%29%29%29%79%29%78%29

NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download

The gzipped telephone system configuration file 'config.gz' or 'config.pcpx', which contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if it was previously generated by a privileged user. An attacker can also sniff the network and hijack the session ID, which resides in a GET request, to generate the config file. The session ID can also be brute-forced because it is predictable, containing a 5-digit number. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation, system access and denial of service via config modification.

RAVPower – remote stack disclosure

A vulnerability in RAVPower devices allows an attacker to remotely disclose the stack memory of the device. This is achieved by sending a specially crafted HTTP request to the device, which contains a large number of '%0a' characters. This causes the stack memory to be returned in the response.

CentOS Web Panel v0.9.8.12 – Remote SQL Injection Vulnerabilities

A remote SQL injection web vulnerability has been discovered in the official CentOS Web Panel v0.9.8.12 web application. The vulnerability is located in the `row_id` and `domain` values of the `Add a domain` module. Remote attackers are able to inject their own malicious SQL commands to compromise the web application, the connected web server or the DBMS.

NCH Software MixPad v5.00 – Unicode Buffer Overflow

NCH Software MixPad is vulnerable to a buffer overflow when a specially crafted file is opened. The vulnerability is caused by a boundary error when processing the file, which results in a stack-based buffer overflow by writing past the end of an allocated fixed-length buffer. This can be exploited to execute arbitrary code by corrupting memory.

OTRS 5.0.x/6.0.x – Remote Command Execution (1)

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

phpFreeChat 1.7 and earlier – Denial of Service

A Denial of Service vulnerability exists in phpFreeChat 1.7 and earlier. An attacker can send a specially crafted request to the vulnerable server to cause a denial of service. The vulnerability is caused by an error in the handling of the 'cmd' parameter in the 'handleRequest' function in 'index.php'.

Recent Exploits: