wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters.
A vulnerability has been discovered in Traceroute-nanog. It has been reported that Traceroute-nanog contains a buffer overflow condition. The overflow occurs in the 'get_origin()' function in the 'traceroute.c' file. Due to insufficient bounds checking performed by the whois parser, it may be possible to cause 'get_origin()' to corrupt memory on the system stack. This vulnerability can be exploited by an attacker to gain root privileges on a target host. My technique was to write my own malicious server that would inject a carefully crafted response to traceroute's query, triggering the overflow and letting me obtain local r00t access.
Light httpd is prone to a remotely exploitable buffer overflow condition. This overflow can be triggered by sending the server an excessively long GET request. As Light httpd drops user privileges when running, exploitation of this issue may result in the execution of arbitrary attacker-supplied commands with the privileges of the 'nobody' user.
When a DNS lookup is requested on a non-existant sub-domain of a valid domain and an OPT resource record with a large UDP payload is attached, the server may fail.
A buffer overflow vulnerability has been reported for the Hotfoon dialer. The vulnerability exists in a text input field for dialing telephone numbers. Reportedly, Hotfoon4.exe does not adequately perform boundary checks on this field. It is possible to crash the service and execute code.
httpbench may disclose the contents of web server readable files to remote attackers. Information obtained in this manner may be used to launch further, destructive attacks against a vulnerable system.
It has been reported that the packager fails to use absolute paths to execute system commands. This could potentially allow an attacker to trick the program into running a trojaned binary. Because the vulnerable packager is installed setuid root by default, this could allow a local attacker to take complete control over a system.
Simple Web Server is vulnerable to a directory traversal attack due to improper sanitization of web requests. By adding a slash-slash sequence ('//') to a URI, an attacker can bypass access controls and disclose files on the vulnerable web server.
It has been reported that LiteServe fails to sanitize query strings from indexed folders. It is possible for an attacker to exploit this issue by constructing a malicious link, containing encoded HTML and script code. When the malicious link is clicked by an unsuspecting user, the attacker-supplied HTML and script code will be executed by their web client. Attacks of this nature may make it possible for attackers to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.
A remotely exploitable buffer overflow has been discovered in a component included with CGIEmail. By sending a maliciously constructed GET request to the vulnerable server, it is possible for a remote attacker to overrun a buffer, potentially resulting in the execution of arbitrary system commands with the privileges of the mail server.
Services By CQR
