WinMerge version 2.12.4 suffers from a stack overflow vulnerability because it fails to properly sanitize user-supplied input when parsing the .winmerge project file format, resulting in a crash that overflows the memory stack. An attacker can use this scenario to lure unsuspecting users into opening maliciously crafted .winmerge files, with the potential for arbitrary code execution on the affected system.
A vulnerability exists in the hilfsmittel.php file of Woltlab Burning Board 2.3.6 Addon, which allows an attacker to inject malicious SQL queries via the 'katid' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application, such as http://[host]/[path]/hilfsmittel.php?action=read&katid=5'/**/UNION/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10/**/FROM/**/bb1_users/*, which can be used to extract sensitive information from the database.
The parameters 'JAK_COOKIE_NAME' and 'JAK_COOKIE_PASS' are passed to the application via cookies and are not checked for malicious characters. The contents of these variables are inserted directly into an SQL statement, leading to SQL injection vulnerabilities.
During the authentication process, a check is performed to ensure that the user accessing the page is not already logged in. This is done by validating the cookies set in the browser as 'JAK_COOKIE_NAME' and 'JAK_COOKIE_PASS'. If the cookies are found to be set, an SQL statement is executed to validate whether the user is logged in. This functionality contains a blind SQL injection vulnerability, triggerable through both the 'JAK_COOKIE_NAME' and 'JAK_COOKIE_PASS' variables. Additionally, functionality in the backend allows an administrative user to add a 'php_hook', thereby adding PHP content to a page on the website. This essentially allows an attacker to backdoor the website in a single request.
This module exploits a code execution vulnerability in Microsoft Internet Explorer. Both IE6 and IE7 (Beta 2) are vulnerable. It corrupts memory in a way which, under certain circumstances, can lead to an invalid/corrupt table pointer dereference; EIP will point to a very remote, non-existent memory location. This module is the result of merging three different exploit submissions and has only been reliably tested against Windows XP SP2. This vulnerability was independently discovered by multiple parties. The heap spray method used by this exploit was pioneered by Skylined.
There is a stored XSS vulnerability via the HTTP Referer header, because 'index.php' in the ACP fails to sanitize that header. Any visitor to the site can compromise the admin account, or any user with privileges to view the 'http referrers' section under the 'Info' section. An attacker has to use an intercepting proxy or manually crafted server requests to add an 'HTTP Referer' header containing the PoC to the request.
Independent Escort CMS is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
A SQL injection vulnerability in Escort Directory CMS allows an attacker to gain access to sensitive information from the database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'HotBrunette' parameter of the 'main' script. An attacker can exploit it by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script.
Eventum is a user-friendly and flexible issue tracking system that can be used by a support department to track incoming technical support requests, or by a software development team to quickly organize tasks and bugs. The 'Full-Name' variable is not properly sanitized before being displayed on any page, so an authorized user can perform this attack against other users who have access to the system by changing their own 'full-name' in the preferences section.
Avira AntiVir is vulnerable to a buffer overflow when a maliciously crafted QUA file is opened in the avcenter.exe application. This can lead to a crash of the application and potentially to code execution.