There is a directory traversal vulnerability in Share. Exploit testing involves using FTP to connect to the server and using the 'get' command to traverse the directory structure and access sensitive files such as the passwd and com.apple.conference.plist files.
This exploit is a denial of service attack against VicFTPS 5.0. It sends a malicious LIST command to the FTP server, causing it to crash. The exploit was written in Python and tested on Windows XP SP3.
There is a directory traversal vulnerability in myDBLite. Exploit testing involves connecting to the FTP server and using the 'cd ../../../../../../' command to traverse the directory structure.
There is a directory traversal vulnerability in iDocManager. Exploit testing involves using FTP to connect to the server and using the 'get' command to traverse the directory and access the passwd and com.apple.conference.plist files.
There is a directory traversal vulnerability in Filer Lite. Exploit testing involves using FTP to connect to the server and using the 'get' command to traverse directories and access sensitive files such as /etc/passwd and /private/var/mobile/Library/Preferences/com.apple.conference.plist.
There is a directory traversal vulnerability in Air Files. Exploit testing involves using FTP to connect to the device and using the 'get' command to traverse the directory structure and access sensitive files such as the passwd and com.apple.conference.plist files.
Alcassoft's SOPHIA CMS is vulnerable to SQL injection. An attacker can inject malicious SQL queries into the vulnerable parameter 'pageid' in the 'dsp_page.cfm' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability can result in the compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
VidiScript is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
A local file inclusion vulnerability in Course MS 2.1 can be exploited to include arbitrary files.
An arbitrary upload vulnerability in ProQuiz V2 can be exploited to upload a PHP shell.