Exim ESMTP DoS Exploit by 1N3 is a proof-of-concept exploit for a buffer overflow vulnerability in Exim versions 4.80 and below. The vulnerability is caused by a buffer overflow in the glibc gethostbyname function. The exploit sends a maliciously crafted HELO command to the Exim SMTP server, which causes the server to crash.
A SQL injection web vulnerability has been discovered in the NPDS CMS (NPDS-Revolution-13). The vulnerability allows an attacker to inject SQL commands through a vulnerable value and compromise the application's DBMS. The SQL injection is located in the `query` parameter of the vulnerable `search.php` application file. Remote attackers are able to inject their own SQL commands through that file. A successful attack requires manipulating a POST request carrying the vulnerable `query` parameter to the vulnerable file.
Remote command injection vulnerabilities occur when user-supplied input is used directly as a command-line argument to a fork(), execv() or CreateProcessA() call. It was found that the binary /usr/bin/pgpsysconf calls the binary /usr/bin/pgpbackup with unfiltered user-supplied input when restoring a database backup from the Symantec Encryption Management web interface. The user-supplied 'filename' value is used directly as a command argument and can be concatenated to include additional commands with the use of the pipe character. This can allow a lower-privileged administrator to compromise the Encryption Management Server.
When passing an overlong string to the ActiveX object's 'SetText' method, a buffer overflow in the data section occurs. It allows overwriting a subsequent pointer that can be used in a controlled memcpy when dispatching the object's 'SetFontName' method. With this arbitrary write, array structures can be manipulated to gain access to complete process memory. Equipped with this capability, necessary information can be leaked and manipulated to execute arbitrary code remotely.
Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
The tcpip.sys driver fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. By crafting an input buffer that will be passed to the Tcp device through the NtDeviceIoControlFile() function, it is possible to trigger a vulnerability that would allow an attacker to elevate privileges. This vulnerability was discovered while fuzzing the tcpip.sys driver.
A buffer overflow vulnerability exists in UniPDF v1.1 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability to overwrite the SEH and nSEH pointers, resulting in a denial of service condition. To exploit this vulnerability, an attacker must create a malicious update.xml file containing a specially crafted string of data and copy it to the UniPDF application folder. When the application is run, the malicious string will be processed, resulting in a denial of service condition.
Gatekeeper is a feature available in OS X Lion v10.7.5 and later versions of OS X. Gatekeeper performs checks on files and applications downloaded from the Internet to prevent execution of supposedly malicious and untrusted/unsigned code. We found an attacker can bypass OS X Gatekeeper protections and execute unsigned malicious code downloaded by the user, even if OS X Gatekeeper is configured to only allow execution of applications downloaded from the Mac App Store (the highest security setting). The exploitation technique is trivial and requires Java to be installed on the victim's machine. OS X Gatekeeper prevents execution of downloaded Java Jar (.jar) and class (.class) files, but this verification is not performed when the files are executed using the Java Runtime Environment (JRE). An attacker can create a malicious Java Jar file, host it on a web server and send the URL to the victim.
ManageEngine Firewall Analyzer is agentless log analytics and configuration management software that helps network administrators centrally collect, archive and analyze their security device logs and generate forensic reports from them.
Directory Traversal:
http://127.0.0.1/fw/mindex.do?url=./WEB-INF/web.xml%3f
http://127.0.0.1/fw/index2.do?completeData=true&helpP=archiveAction&tab=system&url=./WEB-INF/web.xml%3f
http://127.0.0.1/fw/index2.do?helpP=fim&link=0&sel=13&tab=system&url=./WEB-INF/web.xml%3f
XSS:
http://127.0.0.1/fw/index2.do?completeData=true&url=importedLogDetails" onmouseover%3dprompt(902321) bad%3d"
Several D-Link routers are vulnerable to DNS changes. The vulnerability exists in the web interface, which is accessible without authentication. Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites. Modifying systems' DNS settings allows cybercriminals to perform malicious activities such as steering unknowing users to bad sites, replacing ads on legitimate sites, controlling and redirecting network traffic, and pushing additional malware.