MyPage plugin (phpBB) is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information from the database. The vulnerable parameter is 'id' which is passed to the 'mypage.php' script. An attacker can inject malicious SQL code into the 'id' parameter and execute it on the database. The vulnerable versions are 0.2.3 and older.
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of the database and/or expose sensitive information.
This module exploits an arbitrary command execution vulnerability in Family Connections 2.7.1. It's in the dev/less.php script and is due to an insecure use of system(). Authentication isn't required to exploit the vulnerability but register_globals must be set to On.
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of the database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Meditate Web Content Editor is prone to a SQL-Injection vulnerability. An attacker can exploit this vulnerability by sending a malicious POST request to the target with the 'username_input' parameter set to a malicious SQL injection string.
SopCast is vulnerable to an elevation of privileges vulnerability that lets an ordinary user replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions: the 'Diagnose.exe' binary file, which is bundled with the SopCast installation package, has the 'F' flag (full control) set for the 'Everyone' group.
SopCast suffers from a stack-based buffer overflow vulnerability when parsing user input using the SoP protocol in the sopocx.ocx module, allowing an attacker to gain system access and execute arbitrary code on the affected machine. The issue is triggered when adding a 514-byte string to the sop:// protocol (GET), causing the app to open the link (channel) and crash. The application will crash even with 'sop://[anything]' because it fails to properly sanitize and handle the URI segment, but with exactly 514 bytes the stack is overflowed, popping up the Buffer Overrun error box. Unsuccessful attempts cause a denial-of-service scenario. You can also edit the '<address>' element in the favorites.xml file as the attack vector.
dsk_mgr.cgi allows a reboot to be executed via a POST request with the parameter cmd=FMT_restart. system_mgr.cgi allows a reboot to be executed via a POST request with the parameter cmd=cgi_restart or cmd=cgi_reboot. system_mgr.cgi allows a shutdown to be executed via a POST request with the parameter cmd=cgi_shutdown. wizard_mgr.cgi allows the firmware to be reset to default settings via a POST request with the parameter cmd=cgi_wizard.
NJStar Communicator 3.0 MiniSmtp is vulnerable to a buffer overflow attack. The vulnerability is caused due to a boundary error when handling SMTP commands. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially-crafted SMTP command to the affected application. Successful exploitation may allow execution of arbitrary code.
This module exploits a stack-based buffer overflow in CCMPlayer 1.5. When an m3u playlist with a long track name is opened, an SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.