Confirmation that SiteScape servers are vulnerable to TCL injection allowing remote code execution through TCL payloads. SecureState has released proof of concept exploit code for this vulnerability.
The NtUserLoadKeyboardLayoutEx function in Windows allows an attacker to inject shellcode into a process by manipulating the offTable parameter. By passing a specially crafted value for offTable, an attacker can cause the function to execute arbitrary code.
This exploit allows an attacker to perform a remote SQL injection attack on ASPPortal version 3.1.1. It takes advantage of a vulnerability in the 'download_click.asp' script to execute arbitrary SQL queries and retrieve sensitive information from the database.
The exploit takes advantage of a file inclusion vulnerability in the Lotus CMS Fraise v3.0. The vulnerability exists in lines 15-23 of the core/lib/router.php file. The CMS also allows an attacker to inject malicious content by commenting on blog posts. The exploit includes proxy support, dynamic User-agent generation, Apache access log and Lotus blog comment injection routines, and custom shell creation and deletion.
TinyBB Version 1.2 is vulnerable to SQLi. The exploit can be performed by appending ' or 'a'='a to the profile ID parameter in the URL.
This exploit causes a denial of service (DoS) by triggering an unhandled exception in the JPEG2000.dll module of IrfanView 4.28. It occurs due to an integer division by zero.
This exploit takes advantage of an underflow vulnerability in the Linux kernel to escalate privileges from CAP_SYS_ADMIN to root. It uses a different approach than the original exploit, by underflowing to static values inside the kernel that are referenced as pointers to userspace. This method is simple and reliable.
Winamp 5.5.8.2985 with the in_mod plugin is vulnerable to a stack overflow (SEH) exploit. This exploit allows an attacker to execute arbitrary code on a fully patched Windows XP SP3 system. The exploit was discovered and documented by fdiskyou, who released the exploit code and proof-of-concept on the Exploit-DB website (http://www.exploit-db.com/exploits/15248/). The exploit uses a payload that sets up a reverse TCP shell connecting back to the attacker's machine. This version of the exploit includes proper shellcode and addresses a previously incomplete release. Further references and related exploits can be found on the Exploit-DB website (http://www.exploit-db.com/winamp-exploit-part-2/ and http://www.exploit-db.com/exploits/15287/). Special thanks are given to Mighty-D, Ryujin, and the Exploit-DB Dev Team.
The vulnerability allows remote attackers to cause a denial of service (DoS) condition on the target system. By sending a specially crafted packet to the RDS service, the program exits due to memory allocation failure. The vulnerability is caused by a flaw in the _ncp32.dll and _rm32.dll files. The _ncp32.dll file receives the packet and uses the _rm32.dll file to allocate memory. However, when the packet size is too big, the malloc function fails to allocate the required memory, causing the program to exit. This vulnerability has been tested on Windows XP SP2 and Windows XP SP3.
The elxis-cms/index.php and elxis-cms/index2.php files in elxis_2009.2_electra_rev2631 allow remote attackers to include arbitrary files via a mosConfig_absolute_path parameter.