The IBM Remote Control Software package allows a local user with a user-level account to execute code with administrator privileges. This vulnerability can be exploited by launching arbitrary code from the Process Manager interface, such as usrmgr.exe, musrmgr.exe, and regedt32.exe. The user can use these programs to grant administrator privileges to any account on the host or domain.
A buffer overflow vulnerability in pop2d version 4.4 or earlier allows malicious remote users to obtain access to the "nobody" user account. Once logged on, issuing a FOLD command with an argument of about 1000 bytes will cause a stack-based buffer overflow.
This exploit allows an attacker to retrieve the admin credentials of a Joomla website through a blind SQL injection vulnerability in the 'Weblinks' component. The exploit is a disclosure exploit and is a modified version of a previous exploit for Mambo. It includes an always true statement to avoid flooding the admin with email notifications about submissions. The exploit works even though the submissions do not succeed.
The Serv-U FTP server versions 2.5 and earlier are vulnerable to multiple buffer overflows. This can result in a denial of service and, at worst, in arbitrary code being executed on the system. The vulnerabilities are in the CWD and LS FTP commands when they are passed an argument longer than 155 characters.
The RAS Service in Microsoft Windows NT contains multiple buffer overflows that allow local users to execute arbitrary code and gain elevated privileges. The RAS API function RasGetDialParams does not perform any bounds checking, leading to an exploitable buffer overflow. The RASMAN.EXE component, which is run in the security context of the LocalSystem account, uses the RasGetDialParams function to read in data from the phonebook (rasphone.pbk) when dialing out. If a phone number in the phonebook entry is over 299 bytes in length, it can overwrite the process's saved return address, allowing an attacker to execute arbitrary code.
The Windows NT Help utility has a buffer overflow vulnerability when parsing .cnt files with long heading strings. This vulnerability allows a malicious user to create a custom .cnt file with executable code in an entry string, which can grant them Administrator privileges when viewed by an unsuspecting user. The vulnerability is not limited by the permissions of the help file directory as the Help utility will search for a .cnt file first in its execution directory before looking in the help file directory.
A vulnerability in Outlook Express allows a malicious message sent to the user's mailbox to halt POP mail download. The vulnerability occurs when a line containing two dots falls at a packet boundary, causing Outlook Express to interpret the second dot as the end of message marker (EOM). This results in Outlook Express switching back to POP3 command mode and interpreting the rest of the message as a POP3 response, leading to an error message or hanging of the session.
An Allaire Forums file "GetFile.cfm" in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier.
A SQL injection vulnerability and a misconfiguration are present in the Nuked Klan SP v4.5 Content Management System. The vulnerability allows a remote attacker or a local low-privileged user account to inject and execute their own SQL commands against the affected application's DBMS without user interaction. Successful exploitation results in compromise of the DBMS and the application. The vulnerabilities are located in a misconfigured ereg regular-expression condition used when processing requests for the eid variable.
This exploit allows an attacker to upload arbitrary files to the server by exploiting a vulnerability in the 'tmpImagePath' parameter of the BitArticle.php file in bitweaver version 1.3 and earlier. By uploading a specially crafted file, an attacker can execute arbitrary commands on the server.