
Explore Vulnerabilities


Explore all Exploits:

Raja Natarajan Guestbook 1.0 Local File Inclusion Exploit

Raja Natarajan Guestbook 1.0 is vulnerable to Local File Inclusion. The vulnerability allows an attacker to include a file from the local system, which can be used to gain access to sensitive information. It exists due to insufficient sanitization of user-supplied input in the 'lang' parameter of the 'add.php' script. An attacker can exploit it by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../../../../../../../../../../../../../../../etc/passwd%00') to the vulnerable script.

Joomla! JFilterInput XSS Bypass

Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied HTML. This class attempts to parse any given string for HTML code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed HTML can be used to bypass the filter and inject XSS code into user-supplied input. The following string bypasses JFilterInput's "safe" attributes in both 1.5 and 1.6: <img src="<img src=x"/onerror=alert(1)//"> Users of 1.6 can test this by enabling the "Profile" user plugin and injecting this string into the "About Me" textarea. Joomla! 1.5 has no known core extensions that allow guests or regular users to post HTML; however, any third-party extension that relies on this class to sanitize input will be vulnerable.

Non-persistent XSS and Directory Traversal in TinyWebGallery 1.8.3

Non-persistent XSS and Directory Traversal vulnerabilities exist in TinyWebGallery 1.8.3. Non-persistent XSS can be exploited by passing malicious JavaScript code in the parameters sview, tview, dir, and item of the file /admin/index.php. Directory Traversal can be exploited by passing malicious code in the parameter item of the file /admin/index.php. A search engine dork of 'Photo Gallery powered by TinyWebGallery 1.8.3' returns about 1.46M results.

NetLink Remote Arbitrary File Upload Vulnerability

NetLink is vulnerable to remote arbitrary file upload. An attacker can upload a malicious file to the server by sending a POST request to the vulnerable upload.php script. The uploaded file can then be accessed by sending a GET request to the Users directory.

OpenVAS Manager Command Injection Vulnerability

OpenVAS Manager is vulnerable to command injection due to insufficient validation of user-supplied data when processing OMP requests. This vulnerability allows privilege escalation within the OpenVAS Manager, but more complex injection may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems.

AOL 9.5 (rtx) Local Buffer Overflow Exploit

AOL 9.5 (rtx) is vulnerable to a local buffer overflow. The vulnerability is caused by a boundary error when handling specially crafted HTML files. An attacker can exploit it to execute arbitrary code by tricking a user into opening a specially crafted HTML file.

Maxthon Browser v3.0.20.1000 .ref .replace DOS

This exploit targets a Denial of Service (DoS) vulnerability in Maxthon Browser v3.0.20.1000. The vulnerability is caused by a boundary error when handling the .ref and .replace functions, which can be exploited to cause a DoS condition. The exploit code uses the mul() function to generate a string of 2304453 'a' characters, which is then passed to the .ref and .replace functions. This causes the browser to crash.

Exploit Buffer Overflow NetZip Classic(SEH)

The structure of the zip file has been copied from the CORELAN TEAM exploit. The exploit was created by C4SS!0 G0M3S and tested on WIN-XP SP3 PORTUGUESE BRAZILIAN. It exploits the Buffer Overflow vulnerability in NetZip Classic 7.5.1.86.

Google Chrome v8.0.552.237 .replace DOS

This exploit uses the replace() method of the window.location object to cause a denial of service in Google Chrome v8.0.552.237. The exploit creates a string of 2304453 'a' characters and passes it to the replace() method, causing the browser to crash.

Recent Exploits: