KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. A format string vulnerability exists in KVIrc v3.4.0 Virgo, which allows remote attackers to execute arbitrary code via format string specifiers in the 'A:' argument of an 'irc://' URL.
It is possible to upload a PHP script to the remote site.
1. Select a PHP file for upload.
2. Submit the upload and intercept the request with a tampering proxy (e.g. Tamper Data).
3. Change the Content-Type from 'application/octet-stream' to 'image/jpeg'.
4. If the link provided returns a 404, add 'upload/' before the file name.
AJ Forced Matrix Script is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
db Software Laboratory VImpX (VImpX.ocx) is vulnerable to buffer overflow, file content deletion and file content overwrite. Passing an overly long string (more than 256 bytes) to the LogFile property leads to a stack-based buffer overflow that allows arbitrary code execution. The LogFile() and SaveToFile() methods do not validate user-supplied arguments, allowing an attacker to delete or overwrite the content of a file. This vulnerability was tested on Windows XP Professional SP3 with Internet Explorer 7.
An SQL injection vulnerability exists in Joomla Component Kbase version 1.2. The vulnerability is due to insufficient sanitization of user-supplied input to the 'id' parameter in the 'index.php' script. An attacker can exploit it by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable script, allowing them to gain access to sensitive information stored in the database.
A Directory Traversal vulnerability was discovered in Joomla Component Archaic Binary Gallery. The vulnerability is caused due to the improper validation of user-supplied input in the 'gallery' parameter of the 'index.php' script. This can be exploited to include arbitrary files from local resources via directory traversal attacks.
This exploit is a buffer overflow vulnerability in VLC 0.9.4. It works on Windows XP SP1, SP2, SP3 and probably Win2k. It works both with a local file and with a remote URL. The exploit does not crash VLC, and it allows for a respawning shell even if VLC is closed.
This is a stack overflow vulnerability that allows an attacker to execute arbitrary code on the target system. It occurs when a program writes more data to a buffer than the buffer can hold, so the extra data overwrites adjacent memory locations. This can corrupt data, crash the program, or lead to the execution of malicious code.
Due to incorrect use of the intval function, the parameter-check logic can be bypassed, resulting in an SQL injection vulnerability.
POC: http://www.test.com/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,11%20/*
This vulnerability exists in board.php too.
URI Redirection Vulnerability
POC: http://www.test.com/api.php?action=logout&forward=http://evil.com
Information Disclosure Vulnerability
POC: http://www.test.com/misc.php?action=php_info
WebSVN is an online SVN repository viewer. There are several issues in WebSVN which may allow an attacker to conduct cross-site scripting attacks and create arbitrary files. There is a cross-site scripting issue in WebSVN due to the unsafe usage of the PHP_SELF server variable within the getParameterisedSelfUrl() function. A URL like the one above would display a JavaScript alert window containing the data of any cookies set for the domain. There are also file handling issues in the RSS functionality used by WebSVN. The issue is caused by the lack of proper sanitization of the "rev" request variable, which allows arbitrary file operations to be executed.