Many developers log information to the Android log, sometimes including sensitive data. From the output of logcat, an attacker can obtain the "Firebase token" that is used in the PUT request to /players/meAndCheckAppVersion.
An attacker can use SQL injection (SQLi) in many places.
This exploit takes advantage of a cross-site request forgery (XSRF) vulnerability in Sharetronix CMS version 3.6.2. By tricking a user into visiting a malicious website, an attacker can perform actions on behalf of the victim without their consent or knowledge. In this specific exploit, the attacker submits a form with hidden fields that contain malicious code to the target Sharetronix CMS installation, causing it to execute the code and display an alert box.
Skia's SkTDArray does not perform integer overflow checks in several places, leading to potential integer overflows. This can result in memory allocation issues and out-of-bounds writes.
The CrossSite class is used for passing JavaScript variables across different contexts. Chakra tries to wrap every variable passed from one context to another to prevent unexpected behaviors such as use-after-free. However, a bug in the code allows the 'opt' function to be fetched from a different context without being wrapped, leading to a use-after-free vulnerability.
The plugin allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.
The backend of the Content Server is prone to permanent (stored) and reflected Cross-Site Scripting attacks. The vulnerability can be used to inject HTML or JavaScript code into the affected web page. The code is executed in the browser of users who visit the manipulated site. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, Portal users are potential victims of browser exploits and JavaScript Trojans.
This exploit allows an attacker to disclose the user password and username by injecting SQL queries. The vulnerability is located in the /infusions/calendar_events_panel/show_single.php file on line 27. The vulnerability is unpatched and can be exploited by sending a specially crafted HTTP request. The exploit requires the site URL, path, and user ID as input parameters.
The EDraw Office Viewer Component 5.3 is vulnerable to a remote Buffer Overflow in the "FtpDownloadFile()" function. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable component, leading to arbitrary code execution.
By requesting /admin/management.shtml directly, it is possible to access System Management without authentication. An attacker can change the User ID and Password for the General User as well as the User ID and Password for the Admin.