Solaris has a bug in the use of SO_REUSEADDR in that the kernel favours any socket binding operation that is more specific than the general '*.*' wildcard bind(). As such, a malicious socket can bind to an already bound interface if a specific IP address is used. This hijack can be performed against any process over 1024, including root-owned services; it is not limited to your own user account. One can then mimic the original service and snoop usernames, passwords, files and data with a trojan version of the software, or just cause a DoS against the legitimate service.
OpenBSD sudo 1.3.1 - 1.6.8p is vulnerable to a local root exploit due to a path name race condition. The exploit involves creating a symbolic link to the sudo command, and then deleting it and replacing it with a link to /bin/sh. This allows the attacker to gain root privileges.
Access Remote PC 4.5.1 discloses passwords to local users.
Willing Webcam 2.8 discloses licence information (username and key) to local users.
This exploit allows an attacker to execute arbitrary commands on a server running a vulnerable version of XML-RPC. The exploit works by sending a specially crafted XML-RPC request to the server, which then executes the malicious code.
This exploit is based on a vulnerability in Xoops <= 2.0.11 xmlrpc.php which allows an attacker to inject malicious SQL code into the application. The exploit is coded in Perl and uses the LWP::UserAgent module to send a specially crafted HTTP request to the vulnerable application. The exploit then parses the response to determine if the injection was successful.
This exploit targets a buffer overflow vulnerability in the Affix Bluetooth stack. It allows an attacker to execute arbitrary code on the target system by sending a specially crafted packet to the btftp service. The packet contains a malicious payload which is written to a file in the /var/spool/affix/Inbox directory. The attacker can then connect to the target system using telnet and execute the malicious payload.
The vulnerability exists because all XMLRPC data is taken from the HTTP_RAW_POST_DATA variable and never sanitized properly, thus leaving the doors open for attack. Also, most if not all of the functions in xmlrpc.php are vulnerable to similar attacks.
This exploit allows an attacker to execute arbitrary commands on a vulnerable phpBB 2.0.15 installation. The exploit works by sending a specially crafted request to the vulnerable viewtopic.php page, which then executes the command and returns the output. The exploit is written in Python and uses the urllib2 library to send the request.
A remote code execution vulnerability exists in Message Queuing that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.