This module exploits a code execution vulnerability in Mozilla Firefox 3.6.x <= 3.6.16 and 3.5.x <= 3.5.17 found in nsTreeSelection. By overwriting a subfunction of invalidateSelection it is possible to free the nsTreeRange object that the function is currently operating on. Any further operations on the freed object can result in remote code execution. Utilizing the call setup the function provides, it is possible to bypass DEP without the need for a ROP chain. Sadly this exploit is still either dependent on Java or bound by ASLR, because Firefox no longer ships any ASLR-free modules.
Input passed to the 'pid' parameter in administrator/delete_page_parse.php is not properly sanitised before being used to delete files. This can be exploited to delete files with the permissions of the web server via directory traversal sequences passed within the 'pid' parameter.
Portix-CMS 1.5.0. rc5 is vulnerable to Local File Inclusion (LFI) attacks. An attacker can exploit this vulnerability by sending a crafted HTTP request containing directory traversal sequences and file names to the vulnerable server. This will allow the attacker to read sensitive files from the server, such as configuration files, source code, etc. The vulnerable URL is http://<=- Domain -=>/<=- Path -=>/print.php?page=../../../../../../../../../../[LFI].
This exploit allows an attacker to inject malicious code into a vulnerable version of phpMyAdmin. The vulnerable versions are phpMyAdmin < 3.3.10.2 and phpMyAdmin < 3.4.3.1. The injection is performed through the application's Swekey authentication code.
This module exploits a stack buffer overflow in the process bcaaa-130.exe (port 16102), which ships as part of the Blue Coat Authentication proxy. It may take up to three attempts to successfully gain remote code execution.
ZipItFast v3.0 contains a heap overflow that is triggered when a specially crafted .ZIP file is opened. This can be exploited to execute arbitrary code by tricking a user into opening a malicious .ZIP file. The vulnerability is caused by a boundary error when processing the file name of a .ZIP file. This can be exploited to cause a stack-based buffer overflow by using a specially crafted .ZIP file with an overly long file name.
ZipGenius v6.3.2.3000 is vulnerable to a buffer overflow when processing specially crafted .ZIP files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This exploit creates a malicious .ZIP file that contains a payload of 1060 bytes of shellcode followed by a return address that points to the payload. The payload is executed when the application attempts to process the malicious .ZIP file.
This exploit allows an attacker to execute arbitrary code on a vulnerable phpMyAdmin3 installation. The exploit requires that the 'config' directory exists and is writable inside the pma directory, and that session.auto_start is set to 1 in the php.ini configuration.
This exploit is for ZipWiz 2005 v5.0, which contains a buffer corruption vulnerability. The exploit creates a malicious .ZIP file which, when opened, causes a buffer overflow and allows arbitrary code execution.
appRain 0.1.4-Alpha (Quick Start Edition) and appRain-d-0.1.3 (Core Edition) are prone to multiple persistent cross-site scripting vulnerabilities because they fail to properly sanitise user-supplied input. Input passed via the 'ss' parameter in the 'search' action, the 'data[sconfig][site_title]' parameter in the '/admin/config/general' action and the 'data[sconfig][site_description]' parameter in the '/admin/config/general' action is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentication credentials and launch further attacks.