KubeSupport is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
1. Hardcoded cookie to access the admin section: The file storlib.js contains a function get_cookie() which checks for the presence of a hardcoded cookie 'LoginUser=admin' in the document's cookies. If the cookie is not found, it redirects to the index.html page. This allows an attacker to bypass authentication by setting the cookie manually.2. Authentication bypass: By creating the cookie 'LoginUser=admin' and accessing specific URLs, an attacker can gain access to admin features such as enabling/disabling the Telnet server and managing users.
This exploit allows an attacker to perform a remote BLIND SQL injection attack on the Links Management Application V1.0 (lcnt) script. By exploiting this vulnerability, an attacker can retrieve the admin username and password.
The Gallery XML Joomla! component is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; by using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
An attacker can exploit this vulnerability in Chrome Engine 4 to crash the affected server, leading to denial-of-service conditions.
Firebook is prone to multiple cross-site scripting vulnerabilities and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and other harvested information may aid in launching further attacks.
TurboFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to download or upload arbitrary files outside the root directory. This may aid in further attacks.
Ceica-GW is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The 2daybiz Network Community Script is vulnerable to an SQL injection and cross-site scripting vulnerability. These vulnerabilities occur due to insufficient sanitization of user-supplied data. An attacker can exploit these issues to steal authentication credentials, compromise the application, access or modify data, or exploit other vulnerabilities in the underlying database.
Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
Services By CQR