There are quite a few instances of pre/post-auth SQL injection in the web application. In one particular SQLi the attacker-controlled input is used in multiple queries, and as such seems to fail on the second query when using the _ character. This character is used as a wildcard in the second query, as per the MySQL manual. Therefore stealing data from the 'amb_users' table may prove difficult. Additionally, ORDER BY SQL injection is present, which doubles the fun :0). The application also allows the upload of files with a .php extension; however, it does not check the content of the file. Therefore an attacker can upload a malicious PHP shell and gain access to the server.
A Cross-Site Request Forgery (CSRF) vulnerability exists in YourTube v1.0, which allows an attacker to add a new user to the application. The attacker can craft a malicious HTML page containing a form with hidden fields that will be automatically submitted to the vulnerable application. The form contains the parameters necessary to add a new user, such as username, password, email, gender, country, signature, and activation status. When a logged-in user visits the malicious page, the form will be automatically submitted and the new user will be added to the application.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'id' in the 'gallery.php' script. The attacker can then gain access to the admin panel by using the 'gadmin/index.php' script.
Technote7 and TechShop 1.2 are vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to the database and execute malicious SQL queries.
A SQL injection vulnerability exists in Sahana Agasti version 0.6.4. The vulnerability is due to the application not properly sanitizing user-supplied input to the 'sel' parameter of the 'xml.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database.
This exploit is for the Bywifi 2.8.1 software. It is a stack buffer overflow exploit which uses a malicious shellcode to execute a command on the target system. The exploit is written in C and uses the WinExec() function to execute the malicious shellcode.
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of the database and/or expose sensitive information. Malicious users may inject SQL queries into a vulnerable application to fool a user in order to gather data from them or see sensitive information.
phpICal stores language and template user preferences inside cookies. These values are used to include files, but there is no check for "../" chars. You can also break the path through a null char (%00) regardless of any magic_quotes_gpc settings, because the values are serialized and stripslashes is applied to them. This code injects a shell into the Apache log files, then tries to include it through the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies.
A buffer overflow vulnerability exists in the Telephony Application Programming Interface (TAPI) service in Microsoft Windows 2000. The vulnerability is caused due to a boundary error when handling certain requests sent to the TAPI service. This can be exploited to execute arbitrary code by sending a specially crafted request to the TAPI service. Successful exploitation requires that the Telephony service is running.
A buffer overflow vulnerability exists in Mail.app Version 2.0.7 (746.2) on OSX 10.4.5 Build 8H14 + Security Update 2006-001 (PowerPC) v1.0. The vulnerability is triggered when a specially crafted AppleSingle file header is sent to the application. The file header contains a 4 byte magic number, 4 byte version number, 16 bytes of filler, 2 byte number of entries, and Entry descriptors for each Entry. The Entry descriptor contains a 4 byte entry id, 4 byte offset, and 4 byte length. The Real Name entry id is 0x03, Finder Info is 0x09 and Resource Fork is 0x02. An attacker can exploit this vulnerability to execute arbitrary code on the target system.
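A bounds-checked reading of the AppleSingle header layout described in the Mail.app entry above, added here as an example; it is not code from the advisory or from Mail.app, and the page does not say which field triggers the overflow. The magic and version values and the big-endian byte order come from the AppleSingle format definition (RFC 1740), and `as_validate` and `NAME_MAX_LEN` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define AS_MAGIC     0x00051600u /* AppleSingle magic (RFC 1740, not from the page) */
#define AS_VERSION   0x00020000u /* format version 2 (RFC 1740, not from the page) */
#define AS_HDR_LEN   26u         /* 4 magic + 4 version + 16 filler + 2 entry count */
#define AS_ENT_LEN   12u         /* 4 entry id + 4 offset + 4 length */
#define AS_REAL_NAME 3u          /* Real Name entry id, as listed on the page */
#define NAME_MAX_LEN 255u        /* assumption: size of the consumer's name buffer */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 when every entry descriptor is consistent with the file size,
 * otherwise a negative code naming the first check that failed. */
int as_validate(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < AS_HDR_LEN) return -1;       /* truncated header */
    if (be32(buf) != AS_MAGIC) return -2;
    if (be32(buf + 4) != AS_VERSION) return -3;
    size_t count = ((size_t)buf[24] << 8) | buf[25];
    size_t table_end = AS_HDR_LEN + count * AS_ENT_LEN;   /* at most 26 + 65535 * 12 */
    if (table_end > len) return -4;                       /* descriptor table past EOF */
    for (size_t i = 0; i < count; i++) {
        const uint8_t *d = buf + AS_HDR_LEN + i * AS_ENT_LEN;
        uint32_t id = be32(d), off = be32(d + 4), n = be32(d + 8);
        if (n != 0 && off < table_end) return -5;         /* data overlaps the header */
        if (off > len || n > len - off) return -6;        /* past EOF; no off + n wraparound */
        if (id == AS_REAL_NAME && n > NAME_MAX_LEN) return -7; /* too long for name buffer */
    }
    return 0;
}

int main(void) {
    /* Constructed sample: one Real Name entry claiming 0x400 bytes in a 42-byte file. */
    uint8_t f[42] = {0x00, 0x05, 0x16, 0x00, 0x00, 0x02, 0x00, 0x00};
    f[25] = 1; f[29] = AS_REAL_NAME; f[33] = 38; f[36] = 0x04;
    printf("as_validate -> %d\n", as_validate(f, sizeof f));
    return 0;
}
```

The length check is written as `n > len - off` after confirming `off <= len`, so a descriptor with a very large length cannot wrap the sum and pass.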