Input passed to the 'file_name' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local resources with the permissions of the web server using a proxy tool.
b34289732116b4bcb2f1cc6baf7009b19a2cf9b4141f05c2872a8413c0e3056e
up.time suffers from a privilege escalation issue. A normal user can elevate his/her privileges by sending a POST request setting the parameter 'userroleid' to 1. Cross site request forgery can be used to exploit this attack.
7d8991bd1c8571696c4d5bc0528881855899add84755aee81553925cb1fb5cd5
up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF, privilege escalation, arbitrary text file creation, and renaming that file to php you can execute system commands with SYSTEM privileges.
949580b449c0517f641c161c6b8c3484aee9aca17ee184db120e309739d67e3f
up.time version 7.5.0 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
90f994cc5cd98108a1348a7bdc9bb5646926787ce5ab51d82604ccd07d720675
When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected.
69d5afa3639558f66a8f98807a33cbb05547e69350539f5291a75ad6c03267b4
SiteFactory CMS version 5.5.9 suffers from a directory traversal vulnerability.
e4ab1c3da31d5df71707d83aff72277e904feb00d2b2303509770774c51338d3
EMC Documentum D2 contains fail open vulnerability that could be exploited by malicious users to compromise D2. Versions 4.2 and below are affected.
899364e37cd67e01c0b2c948e748dbe613d041f7c0075d1ef3d101ee28ab4074
Microsoft HTA (HTML Application) suffers from a remote code execution vulnerability.
bbdb1ff7a0240544683ac43328710d675b6ca6730cc5f656f38cbceae8da9dd3
Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to add administrator included.
11d68726482c4931dd8bc7f9412e5b40a7a7002254633c42a4116b2ca2be56fb
Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to upload a shell included.
6e4d34f2dea11cbb4c459268cca16e9324f4452dfcc3d0ee46d37ee3d7f0c2d1
PDF Shaper version 3.5 suffers from a buffer overflow vulnerability.
1a862bd6f348439cf319bf9e523b76685ab407b894d14f0f8869b6561ddf0418
WebSolutions India Design CMS suffers from a remote SQL injection vulnerability.
c061545b9e430bd03eedcdc7c87c3bb0051c3de84e39af7ff0c47318939c2ae9
Multiple ChiefPDF software such as PDF to Image Converter and PDF to Tiff Converter suffer from a buffer overflow vulnerability.
ffed99b419802af6605e6b28fb1865cc96f61850767f2496d2612b3364bc82e0
Ubiquiti Networks suffers from a cross site scripting vulnerability.
a50cae4abbdd6321e36ece3542888a733c6cff6b46e247e0ef2451a3ed1e3697
This paper discusses an overflow in the DOUBLE data type in MySQL.
994da41348fedec81430a33635725f5ef5bf21eaded32a286053dfd2938cf982