Explore all Exploits:

Farmers Wife Server 4.4 SP1 Directory Traversal Vulnerability

Farmers Wife Server 4.4 SP1 is vulnerable to a directory traversal attack. By default, the server runs on port 22003 and the default writable path is /guests. An attacker can use ../../../ patterns to traverse out of that directory and gain access to the rest of the system. Anonymous login gives guest access, which means write access to /guests; combined with the traversal, that amounts to default remote 'root' (SYSTEM) access.

Xmame 0.102 (-lang) Local Buffer Overflow Exploit

Xmame 0.102 is vulnerable to a local buffer overflow when the -lang argument is passed. An attacker can exploit this to execute arbitrary code on the vulnerable system. The exploit code is written in C and overwrites the return address on the stack with the address of the shellcode. The shellcode is then executed, allowing the attacker to gain access to the vulnerable system.

eStara Softphone buffer overflow exploit

eStara Softphone contains a buffer overflow that allows an attacker to send a specially crafted packet to the vulnerable application, which can cause the application to crash or execute arbitrary code. This exploit was tested on eStara Softphone versions 3.0.1.14 and 3.0.1.46. The exploit can be triggered by using the 'nc' command to send a built packet to port 5060 of the target. If successful, a 'hack' dialog box will be displayed on the target.

MS05-055 Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability Exploit

This exploit targets a local privilege escalation vulnerability in the Windows kernel. It allows an attacker to gain elevated privileges on a system by exploiting a flaw in the way the kernel handles APC data. The exploit works by creating a malicious APC object and then using it to overwrite the security descriptor of an object in the kernel. This allows the attacker to gain access to the object and then use it to gain elevated privileges.

WinRAR Buffer Overflow 3.30 Exploit

WinRAR is prone to a buffer overflow vulnerability when handling specially crafted files. This vulnerability is due to a boundary error when handling long file names. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability affects WinRAR versions 3.30 and prior.

SCO Openserver 5.0.7 termsh exploit

A stack-based overflow exists in termsh's handling of command line arguments, namely the [-o oadir] argument. termsh is installed setgid auth in a default SCO Openserver 5.0.7 install. An attacker may use this flaw to gain write access to /etc/passwd or /etc/shadow, allowing for local root compromise.

Cijfer-cnxpl – CuteNews <=1.4.1 Remote Command Execution

This particular vulnerability is already known (sort of). A bug as exact as this one was found by rgod in CuteNews. The sole difference between his bug and mine is the files that are being exploited. While his was a bug using the following string: show_archives.php?template=../inc/ipban.mdu%00, I found my bug in: show_archives.php?template=../inc/categories.mdu%00.

The bug lies in categories.mdu, located in the /inc/ folder of the cutenews directory. By using the 'template' variable in show_archives.php, we can include any local files. In this case, we're including categories.mdu. Every .mdu file within the cutenews package has raw PHP code within it that is not protected like the normal .php files. $template gets sanitized, but can be bypassed depending on PHP configuration! This is why on some 1.4.0's it works and on some others it does not. It all depends on configuration and whether or not register_globals needs to be on.

Looking into categories.mdu, we notice the following to create our exploit string:

    if($member_db[1] != 1){ msg("error", "Access Denied", "You don't have permission to edit categories"); }
    elseif($action == "doedit") {
    // cannot write arbitrary php code to $cat_name :(
    $cat_name = htmlspecialchar($cat_name);
    // but we can write arbitrary php code to $cat_icon!
    $cat_icon = htmlspecialchar($cat_icon);

so, we can write arbitrary PHP code to $cat_icon, and execute it.
