Crafting a .chm file is possible to cause a stack based buffer overflow.
The WebCalendar <= 1.2.4 is vulnerable to remote code execution. The vulnerability exists in the /install/index.php file (CVE-2012-1495). The code at line 726 attempts to open a file for writing, but does not check if the file handle is empty. This allows an attacker to write arbitrary PHP code to the file, resulting in remote code execution.
This exploit allows an attacker to execute arbitrary commands on the target system through a remote code inclusion vulnerability in Claroline <= 1.7.6. The vulnerability is due to the insecure handling of user input in the "includePath" parameter, which can be exploited to include arbitrary PHP code from a remote location. By crafting a specially crafted request, an attacker can execute arbitrary commands on the target system.
The form action attribute is manipulated to send form data to an external page.
The exploit allows an attacker to perform an SQL injection attack and disclose admin credentials in LifeType version 1.0.4_r3270. The exploit works regardless of the magic_quotes_gpc settings.
Using unsanitized user submitted data for file operations, attacker must be logged in as valid user, PHP must be < 5.3.4 for null-byte attacks to work. Result: remote file disclosure, php remote code execution.
This module exploits a buffer overflow vulnerability in the Isig.isigCtl.1 ActiveX installed with IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. The vulnerability is found in the 'RunAndUploadFile' method where the 'OtherFields' parameter with user controlled data is used to build a 'Content-Disposition' header and attach contents in an insecure way which allows to overflow a buffer in the stack.
This exploit allows an attacker to change the admin password of a ZTE device. The attacker can submit a POST request to the accessaccount.cgi endpoint with the new password as a parameter. This can be done using the provided form in the HTML code.
The vulnerability is caused due to improper validation to GET and PUT Request containing dot dot slash ('../') sequences, which allows attackers to read or write arbitrary files.
PlumeCMS 1.2.4 (and below) is prone to multiple persistent XSS vulnerability due to an improper input sanitization of multiple parameters. The 'u_email' parameter and 'u_realname' parameter are not correctly sanitized before being passed to the server-side script 'manager/users.php' via HTTP POST method. An attacker who is able to change his profile settings could insert malicious code into the 'Email' field within the 'Authors' template, creating a persistent XSS vulnerability for all users/admins who access the Plume's management interface.
Services By CQR