The configuration files for the RealOne Player are installed in a hidden folder in a user's home directory. These configuration files have insecure permissions, allowing an attacker in the same group as the target user to modify the files and escalate privileges to those of the target user. The exploit involves modifying the path to shared libraries and writing malicious shared libraries.
A vulnerability has been reported for various Roger Wilco server releases. The problem occurs server-side, and can be triggered when processing malformed client packets. Specifically, when connecting to a server, the Roger Wilco client transmits a packet containing the size of data to be copied into an internal buffer. As a result, a malicious user could modify the size so that excessive data is copied into a previously allocated buffer. This could ultimately allow for sensitive server memory to be corrupted, potentially resulting in the execution of arbitrary code.
Due to insufficient input validation, an unauthenticated attacker can disclose arbitrary local files with the privileges of the webserver. This includes the user/administrator database. As the attacker-controlled path is passed to the PHP include() function, code execution is also possible. Furthermore, the path is then passed to the unlink() function and therefore can be used to delete arbitrary files in the filesystem.
The 'username' parameter in the 'kingchat.php' file of the KingChat MyBB plugin is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'username' parameter, which is not properly sanitized.
This exploit takes advantage of a buffer overrun vulnerability in Ipswitch WS_FTP Server when handling the APPE and STAT FTP commands. An FTP user can send excessive input to these commands, potentially executing arbitrary code on the server or causing a denial of service.
A denial of service vulnerability has been alleged in ZoneAlarm. It is reportedly possible to reproduce this condition by sending a flood of UDP packets of random sizes to random ports on a system hosting the vulnerable software.
This exploit adds a new admin user by taking advantage of a stack overrun vulnerability and the ability to create trigger files in MySQL. The attacker needs to have 'file' privileges for the target system and be able to create files owned by the 'mysql' user. By creating a trigger file with the attached user set as 'root@localhost', the exploit is able to execute commands with admin privileges. The exploit involves crashing the MySQL server to force it to recognize the trigger file and then creating a new user with all privileges enabled.
Monop, included in bsd-games, is prone to a locally exploitable buffer overrun vulnerability. This vulnerability is due to insufficient bounds checking of player names. Monop is typically installed setgid games, so it is possible to exploit this issue to execute arbitrary code with these privileges.
The srcpd commands in srcpd version 2.0 and earlier are vulnerable to stack-based buffer overflow attacks. This vulnerability allows an attacker to run arbitrary code on a vulnerable host by exploiting the lack of boundary checking in the affected functions.
The vulnerability allows a local attacker to gain unauthorized access to potentially sensitive information by exploiting the dlopen() function in PHP source when used with the Apache web server. The attacker can dump the process memory into /tmp, which can be useful for various purposes.