Multiple persistent validation web vulnerabilities has been discovered in the official CentOS Web Panel v0.9.8.12. The vulnerability allows remote attackers to inject own malicious script codes to the application-side of the affected vulnerable modules. The vulnerabilities are located in the `id` and `email_address` value of the `/admin/index.php` and `/admin/edit_user.php` modules. Remote attackers are able to inject own malicious script codes to the application-side of the vulnerable modules.
The vulnerability allows remote attackers to inject own malicious script codes on the application-side of the vulnerable shopware 5.2.5 & 5.3 cms. The persistent cross site scripting vulnerability is located in the `name` and `description` value of the `s_articles_attributes` table. Remote attackers are able to inject own malicious script codes to the vulnerable `name` and `description` value of the `s_articles_attributes` table. The request method to inject is POST and the attack vector is located on the application-side. The persistent vulnerability is also located in the `name` and `description` value of the `s_articles_attributes_options` table. The security risk of the persistent cross site scripting web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 4.4. Exploitation of the persistent cross site scripting web vulnerability requires no privileged web-application user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects and persistent manipulation of affected or connected module context.
Attackers can place malicious files outside intended target directories if tricked into importing corrupt .WAR or .EAR archives. Later, attackers can potentially request these scripts/files to execute system commands on affected target.
This exploit allows an attacker to upload arbitrary files to a vulnerable DarkComet server. The vulnerability exists in the way the server handles file uploads. The attacker can use the ‘FILETRANSFER’ command to upload a malicious file to the server, which can then be executed remotely. The exploit is written in Python and uses the Crypto.Cipher library to encrypt and decrypt data sent to and from the server.
The D-Link DNS-325 ShareCenter is vulnerable to an unrestricted file upload vulnerability due to the misuse and misunderstanding of the PHP gethostbyaddr() function. This vulnerability allows an attacker to upload malicious files to the server, which can then be used to execute arbitrary code.
A command injection vulnerability exists in the D-Link DNS-343 ShareCenter <= 1.05. The vulnerability exists due to insufficient sanitization of user-supplied input passed via the "mail_server" parameter to the "/maintenance/test_mail.asp" script. An attacker can exploit this vulnerability to execute arbitrary commands with root privileges.
Help Center Live is a `Live` help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. This is a very popular application, especially with webhosts and other services. Unfortunately Help Center Live is vulnerable to Sql injection, Script Injection, and Cross Site Scripting attacks, but the most serious of the vulnerabilities mentioned (The SQL Injection attacks) require magic_quotes_gpc to be set to off. Cross site scripting exists in Help Center Live. This vulnerability exists due to user supplied input not being checked properly. There are several script injection vulnerabilities in Help Center Live that allows an attacker to force a logged in operator to run malicious code in their browser.
There lies a vulnerability in all version of Invision Power Board that allow a user to spoof his/her IP address by creating a bogus X_FORWARDED_FOR HTTP Header entry. This condition can also be caused by a user unknowingly if they use a proxy to access the internet. For example, private LAN based IP's will be logged which are impossible to trace.
PHPX is vulnerable to Cross Site Scripting (XSS) due to insufficient sanitization of user-supplied input. An attacker can inject malicious JavaScript code into the application, which will be executed in the browser of an unsuspecting user.
OpenBB is prone to Cross Site Scripting in multiple files. This may allow an attacker to run code in the context of a users browser, or used to harvest sensitive information from a user such as cookie information. It may be possible for an attacker to execute arbitrary SQL queries due to user supplied input not being properly sanitized.
Services By CQR