A buffer overflow vulnerability exists in XM Easy Personal FTP Server 4.2 due to insufficient validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted PORT command with a huge value, resulting in a denial of service condition.
This exploit allows an attacker to inject malicious SQL code into the misc.php file of MyBB <= 1.04, which can be used to gain access to the loginkey of a user with a given user ID.
Post a message including the following line: </textarea>'"><script>alert(document.cookie)</script>. Do the following request : http://SOME_HOST/forum/index.php?msg=*/*. Register with a huge login name, passwd:blabla, email:blabla@gmail.com.
This exploit is based on a vulnerability in phpRPC version 0.7 and below. It allows an attacker to execute arbitrary commands on the vulnerable server. The exploit works by sending a malicious XML request to the server.php file of the phpRPC module, which then executes the command.
Apple OSX's /usr/bin/passwd program has support for a custom passwd file to be used instead of the standard/static path. This feature has security issues in the form of editable file(s) being made anywheres on the disk and also writing arbitrary data to files. The first issue will only work if the file does not already exist, it is done using "umask 0;/usr/bin/passwd -i file -l <filename>". The second issue is once a successful password change has occured /usr/bin/passwd will insecurely re-write the passwd file to /tmp/.pwtmp.<pid>, which can be predicted and linked to a file of your choice. (this exploits the second issue to overwrite /etc/sudoers)
vuBB <=0.2 Final is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a crafted cookie to the vulnerable application. This will allow the attacker to gain access to the application and execute arbitrary SQL queries.
A vulnerability exists in MyBB due to the use of an uncleared variable in the misc.php file. An attacker can exploit this vulnerability by creating a new cookie with a malicious value and then checking the URL HOST/PATH/misc.php?action=buddypopup, where HOST is the victim server and PATH is the MyBB directory. This can allow an attacker to execute arbitrary SQL commands.
FarsiNews 2.5pro is vulnerable to a directory traversal attack which allows an attacker to read arbitrary files on the server. This is due to a lack of proper validation of user-supplied input to the 'archive' parameter in 'index.php' script. An attacker can exploit this vulnerability by manipulating the 'archive' parameter value to traverse to higher directories and read sensitive files such as '/users.db.php' which contains usernames and passwords.
This module exploits a stack overflow in Kerio Personal Firewall administration authentication process. This module has only been tested against Kerio Personal Firewall 2 2.1.4.
This module exploits a stack overflow in Internet Explorer. This bug was patched in Windows 2000 SP4 and Windows XP SP1 according to MSRC.
Services By CQR