
Explore Vulnerabilities


Explore all Exploits:

Microsoft Windows Vista/Server 2008 “nsiproxy.sys” Local Kernel DoS Exploit

This exploit triggers a local kernel denial-of-service vulnerability in Microsoft Windows Vista/Server 2008 by sending a specially crafted DeviceIoControl request to the Nsi device driver, which causes the system to crash.

Sense of Security – Security Advisory – SOS-11-006

Multiple vulnerabilities have been identified in Cisco Unified Operations Manager and associated products. These vulnerabilities include multiple blind SQL injections, multiple XSS, and a directory traversal vulnerability. The blind SQL injection vulnerabilities allow an attacker to extract information from the underlying database, the XSS vulnerabilities allow an attacker to inject malicious JavaScript code into the application, and the directory traversal vulnerability allows an attacker to access files outside of the web root.

jDownloads 1.0 Remote File Upload Vulnerability

A vulnerability in jDownloads 1.0 allows an attacker to upload a malicious file to the server. The attacker can register on the website if required and then navigate to the Submit file page. The attacker can then upload a malicious file with a shell.php.jpg format and the path of the uploaded file will be displayed.

Sonique BOF EIP Overwrite

This exploit is for the Sonique Player application version 1.96. It is a buffer overflow exploit that overwrites the EIP with 239 bytes of data and Pita Bytes of 0x00 0x83 0x88 0x93. It is not universal, and the user must find their own offsets if not using Windows XP SP3 Eng. The exploit includes 4 NOPs before aligning the stack so that the stack is aligned properly without errors. It then creates a directory and a text file with the exploit code in it.

Pligg <= 1.1.4 SQL injection

An SQL injection has been found on /rsssearch.php in Pligg CMS 1.1.4. Prior versions (works on 1.1.3) might also be vulnerable. The $_REQUEST['category'] is not sanitized properly, and is used in a SQL request in a WHERE clause. To make this request happen, use this URL: http://WEBSITE/pligg/rsssearch.php?search=test&adv=1&scategory=123+or+1=1%29%23 This can be used to retrieve information such as the admin's password hash, etc.

7-Technologies IGSS <= v9.00.00 b11063 IGSSdataServer.exe Stack Overflow

This module exploits a vulnerability in the igssdataserver.exe component of 7-Technologies IGSS up to version 9.00.00 b11063. While processing a ListAll command, the application fails to do proper bounds checking before copying data into a small buffer on the stack. This causes a buffer overflow that overwrites a structured exception handling record on the stack, allowing for unauthenticated remote code execution.

is-human (1.4.2 and prior) WordPress plugin.

It is possible to take control of the eval() function via the 'type' parameter, when the 'action' is set to log-reset. From here we can run our own code. In order to avoid any errors we point the $is_hum->get_* array variable into $is_hum->get_ih and to close the execution without error we point it to PHP stored function error_log(). In between we may place our own PHP code and use the passthru() function to execute commands.

NoticeBoardPro 1.0 Vulnerabilities

A SQL injection vulnerability in NoticeBoardPro 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell. An arbitrary upload vulnerability in NoticeBoardPro 1.0 can be exploited to upload a PHP shell.

Recent Exploits: