Discovered a vulnerability in video_tags, vulnerability is SQL injection. link: http://localhost:80/tag vulnerability link: http://localhost:80/tag' http://localhost:80/tag'/index.php?id=1 [GET][id=-1][CURRENT_USER() http://localhost:80/tag'/index.php?id=1[GET][id=-1][SELECT(CASE WHEN ((SELECT super_priv FROMmysql.user WHERE user='None' LIMIT 0,1)='Y') THEN 1 ELSE 0 END) http://localhost:80/tag'/index.php?id=1[GET][id=-1][MID((VERSION()),1,6)
Zabbix versions 1.8.3 and 1.8.4 have a vulnerability in popup.php that enables an attacker to perform a SQL injection attack. No authentication is required.
Koha Opac Local File Inclusion vulnerability allows an attacker to include a local file on the server by manipulating the 'KohaOpacLanguage' cookie parameter. By setting the 'KohaOpacLanguage' cookie parameter to '../../../../../../../../etc/passwd%00', an attacker can read the /etc/passwd file on the server.
A remote blind SQL injection vulnerability exists in PHP-Nuke <= 8.1.0.3.5b (Downloads) which allows an attacker to extract the MD5 hash of the administrator's password. This is achieved by sending a crafted HTTP request to the vulnerable server and measuring the response time. The attacker can then use this information to brute-force the MD5 hash of the administrator's password.
This PoC exploits a race condition in the bzexe script. It uses Inotify to win the race and creates an evil script to open a root shell. It is tested on Debian 6.0.3 with bzip2 version 1.0.5-6.
This module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ (recType 0x5D) record, an attacker can gain control of the execution flow. This results in arbitrary code execution in the context of the user.
This module exploits a stack-based buffer overflow found in Free MP3 CD Ripper 1.1. The overflow is triggered when an unsuspecting user opens a malicious WAV file.
A buffer overflow vulnerability exists in Windows 7 when a specially crafted file is opened, which could allow an attacker to execute arbitrary code in the context of the current user.
A directory traversal vulnerability was found in the Jetty web server that is used by VMware Update Manager. With this vulnerability, a non-authenticated attacker can read any file on the server (with the rights of the process).
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.