Explore Vulnerabilities

Explore all Exploits:

Joomla Component Jobprofile (com_jobprofile) SQL Injection Vulnerability

A SQL injection vulnerability was discovered in the Joomla component Jobprofile (com_jobprofile). The vulnerable parameter is ‘id’, which is not properly sanitized before being used in an SQL query. An attacker can inject arbitrary SQL code into the ‘id’ parameter to gain access to sensitive information from the database.

Serv-U FTP Server <4.2 Buffer Overflow

This module exploits a stack buffer overflow in the site chmod command in versions of Serv-U FTP Server prior to 4.2. You must have valid credentials to trigger this vulnerability. Exploitation also leaves the service in a non-functional state.

CoDeSys v2.3 Industrial Control System Development Software Remote Buffer Overflow Exploit

This is a remote buffer overflow exploit for the CoDeSys SCADA webserver in CoDeSys v2.3 Industrial Control System Development Software. It was tested on WinXP SP1 EN. It sends a payload to the SCADA system and then connects to port 4444 to get a shell.

StoryBoard Quick 6 Stack Buffer Overflow

Security-Assessment.com has discovered a file format vulnerability in the XML files used to describe frames in the StoryBoard Quick 6 software. The <string> element used to define a filename was found to be vulnerable to a buffer overflow, which can be exploited to execute arbitrary code under the context of the user running StoryBoard Quick 6. Supplying a long file name causes memory corruption within the application. By crafting a file that contains more than 507 characters in the <string> field, the StoryBoard Quick 6 application will use the next 4 characters in an unsafe manner. These four characters are used as a pointer to the source address for a string copy function. It is possible to write user-supplied data onto the stack by changing the value of these 4 characters to a memory location containing a pointer to data within the Frame.xml file. This strcpy function overwrites a significant portion of the stack, including the Structured Exception Handler.

AVID Media Composer Phonetic Indexer Remote Stack Buffer Overflow

Security-Assessment.com discovered a remote stack buffer overflow vulnerability in a network daemon that ships with Avid Media Composer 5.5, named AvidPhoneticIndexer.exe. By sending a large request to the listening network service, it is possible to overwrite the stack of the process and gain arbitrary code execution.

Serv-U FTP Server Jail Break 0day

A Directory Traversal vulnerability in Serv-U FTP Server allows an attacker to traverse outside the root directory of the FTP server. This can be exploited to gain access to sensitive files and directories outside the root directory of the FTP server.

KCOPE2011 – x86/amd64 bsd ftpd remote root exploit

This exploit is a remote root exploit for x86/amd64 bsd ftpd. It was found by Kingcope and tested against FreeBSD-8.2,8.1,7.2,7.1 i386; FreeBSD-6.3 i386; FreeBSD-5.5,5.2 i386; FreeBSD-8.2 amd64; FreeBSD-7.3, 7.0 amd64; FreeBSD-6.4, 6.2 amd64.

IBM Lotus Domino Controller auth. bypass

This bug was found by Patrik Karlsson and sold to ZDI. IBM released a fix for this bug, but it was not enough, so this exploit can bypass authentication in Lotus Domino Controller even with the patch from IBM. It is therefore still a 0day. Details can be found at http://dsecrg.com/pages/pub/show.php?id=41. The exploit involves making a port forward from 127.0.0.1:2050 to REMOTE_TARGET:2050, injecting XML into an IIS log file, and running a script from a local web server.
