Cross-Site Request Forgery (CSRF) vulnerability in the e107_admin/download.php page, which is also vulnerable to SQL injection in the POST form. Neither the e-token nor the ac token is used on this page, which results in the CSRF vulnerability. On its own this is not a major security vulnerability, but combined with the SQL injection it can result in complete information disclosure. The parameters on this page that are vulnerable to SQL injection include: download_url, download_url_extended, download_author_email, download_author_website, download_image, download_thumb, download_visible, download_class. The following is an exploit containing JavaScript code that submits a POST request on behalf of the administrator once the page is visited. It contains a SQL injection that causes the username and password (as an MD5 hash) of the administrator to be added to the Author Name of a publicly available download.
The Mathopd web server is prone to a remote buffer overflow vulnerability. This vulnerability occurs due to a failure to check the bounds of a buffer storing user-supplied input. An attacker can exploit this vulnerability to execute arbitrary instructions on the affected system, with the privileges of the web server process.
A format string vulnerability has been reported in the Unreal Tournament server engine. The vulnerability occurs due to a failure of the server application to properly sanitize user-supplied network data. This vulnerability could allow an attacker to execute arbitrary code on the system where the affected server software is implemented, potentially leading to a complete compromise of the system.
This module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.
hsftp has been found to be prone to a remote format string vulnerability. This issue is due to the application's improper use of a format printing function. Ultimately this vulnerability could allow execution of arbitrary code on the system running the affected software, which would occur in the security context of the server process.
A privilege escalation vulnerability exists in the Dell TrueMobile 1300 Wireless System Tray Applet. The software starts with SYSTEM privileges to enable access to the wireless hardware but fails to drop them. This allows a local attacker to manipulate the GUI of the application to spawn arbitrary processes with the privileges of the affected process.
Multiple buffer overflow vulnerabilities exist in the environment variable handling of LBreakout2. The issue is due to insufficient boundary checking of certain environment variables used by the affected application. A malicious user may exploit this condition to corrupt sensitive process memory and ultimately execute arbitrary code with the privileges of the game process.
This module exploits a buffer overflow vulnerability in the UploadControl ActiveX control. The vulnerability exists in the handling of the "Attachment_Times" property, due to insecure use of _swscanf. The affected ActiveX control is provided by qp2.dll, which is installed with the IBM Lotus Quickr product. This module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using qp2.dll 8.1.0.1800. To bypass ASLR, the module uses msvcr71.dll, which is not ASLR-compatible and is installed alongside the qp2 ActiveX control.
SmallFTPD is prone to a remote denial of service vulnerability. This issue is due to the application failing to properly validate user input. Successful exploitation of this issue may cause the affected server to crash, denying service to legitimate users. It has been conjectured that this issue may be due to a boundary management problem that may lead to arbitrary code execution, however this has yet to be verified.
The vulnerability occurs in Sami HTTP server due to insufficient bounds checking when handling GET requests. An attacker can exploit this vulnerability to corrupt sensitive data, such as a return address, and gain control over the program's execution flow. This can lead to the execution of arbitrary code and potential denial of service.