This is a 0day exploit that targets a heap overflow vulnerability in Internet Explorer's COM Object. It allows an attacker to execute arbitrary code and download and execute a file on the victim's machine. The exploit is written in C and uses shellcode to achieve code execution.
Multiple vulnerabilities in Banana Dance allow for gaining access to sensitive information, performing SQL injection attacks, and compromising the vulnerable system. The PHP File Inclusion vulnerability (CVE-2012-5242) allows for arbitrary file inclusion via improper verification of input passed via the 'name' POST parameter in '/functions/ajax.php'. The Improper Access Control vulnerability (CVE-2012-5243) allows unauthenticated users to access the '/functions/suggest.php' script and read arbitrary information from the database.
The YeaLink IP Phone SIP-TxxP firmware version 9.70.0.100 and lower is affected by multiple vulnerabilities. The first vulnerability allows an unprivileged user to enable Telnet on the phone by posting directly to the ConfigManApp.com page. The default user 'user' with password 'user' can exploit this vulnerability. Additionally, a CSRF attack can enable Telnet on the phone. The second vulnerability is the presence of default telnet shell users with hardcoded usernames and passwords in the firmware. After enabling telnet, shell access can go unnoticed.
This vulnerability allows an attacker to upload an ASP shell file to the SelectSurvey CMS (ASP.NET) application, which can lead to remote code execution.
Windows FTP Server is prone to a remote format string vulnerability when processing a malicious request from a client. The vulnerability presents itself when a remote client supplies a username during FTP authentication and the request contains embedded format string specifiers. This could be exploited to crash the server but could also theoretically permit corruption/disclosure of memory contents and execution of arbitrary code.
The exploit causes IDA Pro 6.3 to crash due to an internal error. The root cause of the problem is the lack of validation to verify if e_shstrndx > e_shnum before referencing it.
This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitrary commands.
A vulnerability has been identified in the YaSoft Switch Off software package when handling message requests. The buffer overrun condition exists in the 'swnet.dll' module of the software due to insufficient bounds checking performed by the affected component. The overflow may be caused by sending an excessively long 'message' parameter to the application. This may make it possible for a remote user to execute arbitrary code through a vulnerable server.
The vulnerability allows a local user to cause a denial of service (DoS) condition on the target system. This can be achieved by specifying a large password for a SecKeychainUnlock() call. The SecurityServer crashes during a memory copy operation, potentially leading to memory corruption. Although unconfirmed, this could potentially allow for the execution of arbitrary code.
The Apache mod_php module is prone to a vulnerability that may allow a local attacker to gain access to privileged file descriptors. This vulnerability can be exploited by a local attacker to pose as a legitimate server and potentially steal or manipulate sensitive information.