Explore Vulnerabilities

Explore all Exploits:

Unixware Privilege Escalation Vulnerability

The vulnerability in Unixware's implementation of privileges allows regular users to attach a debugger to a running privileged program and take over its privileges. By finding a program listed in the /etc/security/tcb/privs file with the desired privileges and executable by the user, a malicious user can exploit the vulnerability and gain elevated privileges.

UnixWare 7.1 /usr/sbin/pkgcat exploit

It is possible to view the entries in /etc/shadow by exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries is setuid, the dacread permissions granted in /etc/security/tcb/privs give them the ability to read /etc/shadow. When the oversized buffer data is passed to the programs as argv[1], the stack will be corrupted and it is possible to spawn a program which would "cat" /etc/shadow with the dacread privs.

Vulnerability in Seyon program in FreeBSD 3.3-RELEASE

The Seyon program in FreeBSD 3.3-RELEASE has a vulnerability that allows a local user to elevate their privileges. The program is installed setgid dialer, allowing a malicious user to access communications devices and other resources accessible by the dialer group.

Geeklog <= 1.4.0sr3 'f(u)ckeditor' remote commands execution

This exploit targets Geeklog version 1.4.0sr3. The vulnerability allows an attacker to execute remote commands. The exploit takes advantage of the fckeditor feature, which is enabled by default and not protected. By uploading files with multiple extensions, an attacker can execute arbitrary shell commands on the target server.

Denial of Service (DoS) Attack against Microsoft SQL Server 7.0

If Microsoft SQL Server 7.0 receives a TDS header with three or more NULL bytes as data, it will crash. The crash will generate an event in the log with ID 17055 'fatal exception EXCEPTION_ACCESS VIOLATION'. The provided code is a DoS attack against MS SQL Server.

rpc.ttdbserver remote overflow

It is possible to crash rpc.ttdbserver by using the old ttdbserver buffer overflow exploit. This problem is caused by a NULL pointer being dereferenced when rpc function 15 is called with garbage. You cannot make rpc.ttdbserver execute arbitrary code with this vulnerability. The consequence of this vulnerability being exploited is a denial of service condition for rpc.ttdbserver.

GeekLog <= 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities

The variable $_CONF[path] is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script. The vulnerability can be exploited by injecting an evil script into the _CONF[path] parameter in various plugins of GeekLog. The affected plugins include links, polls, spamx, and more.

seh exploit, BOF

This exploit takes advantage of a buffer overflow vulnerability in ALLMediaServer 0.8. It allows an attacker to execute arbitrary code by sending a specially crafted payload to the target server. The exploit uses a combination of a short jump (NSEH) and a POP POP RETN (SEH) to bypass stack protection mechanisms and gain control of the program flow. The payload can be replaced with any desired shellcode.

Recent Exploits: