A SQL injection vulnerability was discovered in Geomi CMS by Tridan IT. The vulnerability exists in the cms.php file, where an attacker can inject malicious SQL code into the categoryid parameter. This can be exploited to gain access to the database and potentially execute arbitrary code.
Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
MoviePlay 4.82 is vulnerable to a buffer overflow when a specially crafted .lst file is opened. This can be exploited to execute arbitrary code by corrupting the stack. The exploit code is written in Python and contains a payload that executes calc.exe when the vulnerable application is opened.
A vulnerability in LocatePC 1.05 allows an attacker to execute arbitrary SELECT queries against the LocatePC and 'mysql' databases. This can be used to extract information from the database, such as user names, MAC addresses, last login IPs, and program logins. It may also be possible to upload arbitrary files from each user's computer to the LocatePC database, and then to later extract those files from the database. Activating the software's keylogging functionality is also possible.
An unauthenticated remote textual administration console has been found that allows an attacker to run system commands as the root user.
SourceBans is vulnerable to cross-site scripting (XSS), in which an attacker can execute scripts on the client side, resulting in a bypass of access controls and/or a loss of credentials.
This exploit is a remote buffer overflow exploit for Unreal Tournament. It was discovered by Luigi Auriemma and coded by Fulcrum in 2011. It is a vulnerability in all UT99 servers without a patch. It has been tested on Windows 7 64-bit, XP SP3, Vista SP2 with UT v400, 436, 440, 451, 451b. It uses an alphanumeric decoder from Skylined and getEIP code taken from Heretic. It has a maximum shellcode size of 938 bytes and bad characters of 0x00 and 0x5c.
A user can perform SQL Injection attacks against the plugin at the Replace Media Upload page (Media > Edit > Upload a new file). By changing the 'attachment_id' parameter in the URL to 'attachment_id=99999+union+select+concat(0x20,user_login),+user_pass+from+wp_users+where+ID=1', the plugin will retrieve and display the administrator's user name and password hash. This requires that the attacker has knowledge of the SQL table prefix, but that can be retrieved as well from information_schema.TABLES. A user can also upload arbitrary files, including PHP files, at the Replace Media Upload page using the 'Replace the file' functionality, which doesn't check if uploaded files have an allowed extension. This can be exploited to execute arbitrary PHP code and for instance retrieve or change sensitive information in the SQL database or the web server's file system.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'product.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can allow the attacker to steal sensitive information from the database, modify data, deface the site, etc.
An attacker can exploit a SQL injection vulnerability in the Web 2.0 Social Network Freunde Community application. By sending a specially crafted HTTP request, an attacker can inject arbitrary SQL code into the application, allowing them to access, modify, or delete data from the back-end database.