EggAvatar is a plugin for vBulletin 3.8.x which allows an attacker to read any file on the server by exploiting a vulnerability in the eggavatar.php file. The vulnerability is caused due to the improper validation of user-supplied input in the 'old' parameter of the 'eggavatar.php' script. This can be exploited to read any file on the server with the privileges of the webserver.
This exploit is for KingView 6.5.3 SCADA ActiveX. It uses a heap overflow vulnerability to execute arbitrary code. The exploit code creates a malicious ActiveX object with a specially crafted argument. This argument contains a NSEH and SEH handler, followed by a NOP sled and shellcode. The shellcode is responsible for executing calc.exe. The exploit was tested on Windows XP SP3 running on VMware Fusion 3.1 and VirtualBox 3.2.8.
Bacula-web is affected by cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. It is also affected by blind SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & local file deletion due to null-byte attacks against functions in index.php.
The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity and password. By embedding shell metacharacters in the web authentication form it is possible to execute arbitrary commands on the Access Gateway.
This module exploits a command injection flaw within the Mitel Audio and Web Conferencing web interface.
This module injects php into the trixbox session file and then, in a second call, evaluates that code by manipulating the langChoice parameter as described in OSVDB-50421.
CakePHP is a popular PHP framework for building web applications. The Security component of CakePHP is vulnerable to an unserialize attack which could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver.
This module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering.
This module exploits a buffer overflow that occurs when processing specially crafted requests set to mDNSResponder. All Mac OS X systems between version 10.4 and 10.4.9 (without the 2007-005 patch) are affected.