
Explore Vulnerabilities


Explore all Exploits:

Ascend Router Denial of Service Vulnerability

A vulnerability exists in the operating system of some Ascend routers. If an invalid TCP packet (of zero length) is sent to the administration port of an Ascend router running firmware 4.5Ci12 or earlier, the router crashes and reboots, resulting in a denial of service.

ntop Format String Vulnerability

ntop is vulnerable to a format string vulnerability that can lead to a local root compromise. If present, the argument to the "-i" command-line option is passed directly to a *printf function without being checked. It is thus possible for an attacker to insert format specifiers that will be interpreted by the *printf function. Malicious format specifiers can cause the function to overwrite memory locations on the program's stack with user-supplied data. This can lead to execution of arbitrary code with the effective privileges of the process (if setuid root, superuser privileges).

Eskolar CMS 0.9.0.0 Blind SQL Injection Exploit and bypass admin logon vulnerability

Eskolar CMS version 0.9.0.0 is affected by a blind SQL injection vulnerability and an admin logon bypass vulnerability. The application does not properly sanitize user input, allowing the injection of crafted SQL queries; malformed input also causes the database server to receive invalid SQL queries. A blind SQL injection attack can be used to determine the username and password for the CMS. Additionally, a classical SQL injection can be used to bypass the admin logon. The passwords for the CMS are stored in the database as clear text. While the addslashes() function is used to filter GET variables, it is possible to prepare an SQL query without slashes in a blind attack. No addslashes() filtering is applied to the variables used for logging in, allowing classical SQL injection to log in as admin.

Microsoft IIS Crash Vulnerability

An email with a filename consisting of over 86 characters and an extension of .txt.eml will cause Microsoft IIS to crash if placed in the mailroot\pickup directory. The process inetinfo.exe will crash, resulting in a Dr. Watson access violation error. Restarting IIS is required in order to regain normal functionality.

Microsoft IIS Double Dot Directory Traversal Vulnerability

Microsoft IIS 4.0 and 5.0 are vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\". Unauthenticated users may access any known file in the context of the IUSR_machinename account. Successful exploitation would grant a remote user possessing no credentials whatsoever the same privileges as a user who could successfully log onto the system.

Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow

This module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure use of a strcpy-like function in the SetMarkupMode method when handling a specially crafted sMarkup argument, allows an attacker to trigger a stack-based buffer overflow, which leads to code execution in the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 is needed for the DEP and ASLR bypass).
