Explore Vulnerabilities

Explore all Exploits:

Sefrengo CMS v1.6.1 – Multiple SQL Injection Vulnerabilities

Sefrengo CMS v1.6.1 contains multiple SQL injection vulnerabilities. An attacker can exploit them by sending a maliciously crafted HTTP POST request to the vulnerable file /backend/external/phplib/ct_sql.inc, with the vulnerable parameter $id. This allows the attacker to execute arbitrary SQL commands on the underlying database.

Symantec Altiris Agent Arbitrary Write Privilege Escalation

A vulnerability in Symantec Altiris Agent allows an attacker to escalate privileges through an arbitrary write. The vulnerability is due to the driver not being signed and having no file version, product version, or product name set. The driver appears to have one main task: retrieving configuration information about the hardware using the HalGetBusData function. If it cannot retrieve configuration information, it sends the 'ScottWroteThis!' string to the output buffer. This string was posted online in 2006.

HP-Data-Protector-8.x Remote command execution

HP Data Protector 8.x is vulnerable to remote command execution. An attacker can send a specially crafted packet to the Data Protector service on port 5555/tcp and execute arbitrary commands with root privileges. This vulnerability was discovered by Juttikhun Khamchaiyaphum and was assigned CVE-2014-2623.

Exim ESMTP GHOST DoS PoC Exploit

Exim ESMTP DoS Exploit by 1N3 is a proof-of-concept exploit for a buffer overflow vulnerability in Exim versions 4.80 and below. The vulnerability is caused by a buffer overflow in the glibc gethostbyname function. The exploit sends a maliciously crafted HELO command to the Exim SMTP server, which causes the server to crash.

NPDS CMS Revolution-13 – SQL Injection Vulnerability

An SQL injection web vulnerability has been discovered in the NPDS CMS - NPDS-Revolution-13. The vulnerability allows an attacker to inject SQL commands through a vulnerable value to compromise the application DBMS. The SQL injection vulnerability is located in the `query` parameter of the vulnerable `search.php` application file. Remote attackers are able to inject their own SQL commands through the vulnerable `search.php` file. A successful attack requires manipulating a POST method request with the vulnerable parameter `query` to the vulnerable file.

Symantec Encryption Management Server – Remote Command Injection

Remote Command Injection vulnerabilities occur when user-supplied input is used directly as a command line argument to a fork(), execv() or a CreateProcessA() function. It was found that the binary /usr/bin/pgpsysconf calls the binary /usr/bin/pgpbackup with unfiltered user-supplied input when restoring a Database Backup from the Symantec Encryption Management Web Interface. The user-supplied 'filename' value is used directly as a command argument, and can be concatenated to include additional commands with the use of the pipe character. This can allow a lower-privileged Administrator to compromise the Encryption Management Server.

X360 VideoPlayer ActiveX Control RCE Full ASLR & DEP Bypass

When passing an overlong string to the ActiveX object's 'SetText' method, a buffer overflow in the data section occurs. It allows overwriting a subsequent pointer that can be used in a controlled memcpy when dispatching the object's 'SetFontName' method. With this arbitrary write, array structures can be manipulated to gain access to complete process memory. Equipped with this capability, necessary information can be leaked and manipulated to execute arbitrary code remotely.

FreeBSD Kernel Multiple Vulnerabilities

Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.

Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation

The tcpip.sys driver fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. By crafting an input buffer that will be passed to the Tcp device through the NtDeviceIoControlFile() function, it is possible to trigger a vulnerability that would allow an attacker to elevate privileges. This vulnerability was discovered while fuzzing the tcpip.sys driver.

Recent Exploits: