
Explore Vulnerabilities


Explore all Exploits:

hoagie_solaris_siocgtunparam.c

This is a local kernel root exploit for Solaris versions < 5.10 138888-01. It was reported by Tobias Klein and exploited by peri.carding. The exploit creates a socket, maps the zero page, and then prepares a null page. After that, the write queue is cleaned up, and the uname and id commands are used to verify that the exploit was successful. By using an interface alias starting with zero, the exploit makes sure that ip_extract_tunreq() returns 0 while ipifp is still set to NULL. ipif->ipif_ill is then used for mutex enter, and the offset for an ill_t structure is set. Finally, putnext() is called with a queue that is used to add a custom callback function.

maximus-cms (fckeditor) Arbitrary File Upload Vulnerability

Maximus 2008 CMS: Web Portal System (v.1.1.2) is vulnerable to arbitrary file upload. An attacker can upload malicious files to the server by exploiting the vulnerability in FCKeditor. The vulnerable file is uploadtest.html, which is located in the path/html/FCKeditor/editor/filemanager/connectors/ directory. Uploaded files can be accessed from the /FCKeditor/upload/ directory. The file uploader is enabled by default in the config.php file located in the /FCKeditor/editor/filemanager/connectors/php/ directory.

Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC

Macro Express Pro suffers from a buffer overflow vulnerability when importing playable macro files (.mxe) in which a large number of bytes has been added to the elements string, integer, float and control. User input is not properly sanitized, which may allow an attacker to execute arbitrary code on the affected system. A failed exploitation attempt may result in a denial of service.

Zwii v 2.1.1 Remote File Include Vulnerability

Zwii v 2.1.1 is vulnerable to Remote File Inclusion. The vulnerability exists in the system.php file, which is used to include other files. An attacker can exploit it by sending a malicious URL to the vulnerable application. The URL can point to a malicious file, which can then be executed on the vulnerable system.

Multiple Vulnerabilities in Mingle Forum (WordPress Plugin)

There are multiple vulnerabilities in Mingle Forum, SQL injection among them. A SQL injection vulnerability is present in the RSS feed generator, and another in the `edit post` functionality; in both cases, an attacker can retrieve information from the MySQL database by crafting specific URLs. In addition, by browsing directly to the `edit post` page, a user can view and edit any page.

Sahana Agasti <= 0.6.5 Multiple Vulnerabilities

Sahana Agasti version 0.6.5 is vulnerable to Local File Inclusion. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'stream_type' parameter in the 'stream.php' script. A remote attacker can exploit this vulnerability to include arbitrary files from local resources and execute arbitrary PHP code on the vulnerable system.

NetSupport Manager Agent Remote Buffer Overflow

NetSupport Manager Agent Remote Buffer Overflow is a vulnerability that affects NetSupport Manager for Linux v11.00 and likely all previous versions, NetSupport Manager for Solaris v9.50 and likely all previous versions, and NetSupport Manager for Mac OS X v11.00 and likely all previous versions. The exploit has been tested against NetSupport Manager Linux agent v10.50.0 and NetSupport Manager Linux agent v11.0.0. It is still unpatched as far as the author knows. The exploit uses a payload of 'A' characters followed by a return address, a NOP sled, and shellcode.

Recent Exploits: