Explore Vulnerabilities

Explore all Exploits:

PHP-Fusion SQL Injection Vulnerability

PHP-Fusion is prone to SQL injection vulnerabilities in multiple PHP scripts. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

MiniHTTPServer.NET's Web Forum & File Sharing Server Power Pack 4

MiniHTTPServer.NET's Web Forum & File Sharing Server Power Pack 4 (latest version available for sale on their website http://www.minihttpserver.net/bbs/index.php ) has multiple vulnerabilities in its join.asp page. A malicious person could send manipulated data within the 'FrmMailBox' or 'FrmUserPass' field to add an unverified account to the system's user database or to manipulate existing users. This could lead to information leaks on the server, sensitive information disclosure, or even system access and compromise.

0-day RCPT TO DoS Exploit for RevilloC SMTP version 1.x

Sending a large buffer (4080 bytes) in conjunction with the "MAIL FOR:" or "RCPT TO:" and other commands can cause a denial of service: the application may crash, consume 99% CPU until it is terminated, or cause the host computer to stop responding entirely, requiring a reboot. Additionally, a heap overflow attack vector is possible: sending a buffer greater than 4088 bytes causes EDI, EBX, EAX and ECX to be overwritten with values from the malformed packet.

QK SMTP <= 3.01 RCPT-TO Buffer Overflow Exploit

I encountered some problems during development: ESI and ESP point to our buffer, in a memory location that will be contaminated with some bytes after storing our data. Result: I couldn't put shellcode directly here because it will be changed. So I had to write a short jmpback unicode-proof shellcode using the venetian technique. Because of some unknown reasons I was not able to get a socket-based shellcode working. In this exploit I use an ADD USER shellcode.

Zone Labs Zone Alarm Advanced Program Control Bypass

Zone Labs Zone Alarm is prone to a weakness that permits the bypassing of the Advanced Program Control protection. Reports indicate that applications can create a modal dialog box displaying HTML, which can then be redirected to a remote site. This would allow a malicious program to bypass Advanced Program Control protection and send data to a remote attacker from a compromised computer.

IPSwitch WhatsUp Small Business 2004 Directory Traversal Vulnerability

IPSwitch WhatsUp Small Business 2004 is prone to a directory traversal vulnerability. This vulnerability allows a remote attacker to gain access to files outside the Web root by sending a specially crafted HTTP request to the server. An example of such a request is http://[address of server]:8022/../../../../../../../../../../../boot.ini.

PHPcafe Tutorial Manager SQL Injection Vulnerability

PHPcafe Tutorial Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Snoopy Arbitrary Command Execution Vulnerability

Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. This issue may facilitate unauthorized remote access to the application in the context of the webserver. Passing a malicious URI to a script that uses a vulnerable version of Snoopy will result in a file containing the attacker's input.

Solaris 10 libnspr constructor exploit

Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, allows attackers to create or overwrite arbitrary files on the system. The problem exists because environment variables are used to create log files. Even when the program is setuid, users can specify a log file that will be created with elevated privileges (CVE-2006-4842).

Recent Exploits: