Explore Vulnerabilities

Explore all Exploits:

Easy FTP Pro v4.2 iOS – Command Inject Vulnerabilities

Two command injection vulnerabilities have been discovered in the official Easy FTP Pro v4.2 iOS mobile application. The vulnerabilities allow remote attackers to inject their own commands by exploiting misconfigured stored system/device values to compromise the application.

Multiple Cross-Site Scripting Vulnerabilities in Diem

The application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching further attacks.

Arbitrary File Upload in Antz Toolkit Module for CMS Made Simple

The Antz toolkit module for CMS Made Simple is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Adobe PDF Reader plug-in AcroPDF.dll ver. 8.0.0.0 Resource Consumption

Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site.

REDIRECTION DOS FINALLY DISTRIBUTED !!!!!

This is a POC and demonstrates a new method of DoS. The idea behind it is that the attacker generates connection requests to a list of hosts which have a TCP service running, such as http (80), telnet (23) etc., from the IP of the victim host. This will result in all of the hosts that the victim requested connections to sending back packets (usually SYN-ACKs), 2-3 of them (amplification comes here!), causing load to the victim by causing the victim to send RST packets since it never actually requested any such connection. This attack is dangerous since it's almost impossible to filter!!

Download Manager Arbitrary File Upload Vulnerability

The Download Manager module for CMS Made Simple is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Recent Exploits: