A vulnerability exists in ionFiles 4.4.2 Component for Joomla! CMS, which allows an attacker to download arbitrary files from the server. This is due to the download.php script not properly sanitizing user-supplied input to the 'file' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the download.php script. This will allow the attacker to download arbitrary files from the server.
This Exploit requires a valid user name and password of an account regardless of the permissions. It uses HTTP::Request::Common qw(POST) and LWP::UserAgent to send a POST request to the LoudBlog ajax.php page with the colpick, rowpick, rowval, and table parameters set. The User-Agent and Cookie headers are also set with the valid user's MD5 hash. The response contains the username and password of the admin account.
A vulnerability exists in phpcrs version <= 2.06, which allows an attacker to include a local file via the 'importFunction' parameter in the 'frame.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The website only works with Firefox and to exploit it, the user-agent must be changed.
A relatively common bug parsing TXT records delivered over DNS, dating at least back to 2002 in Sendmail 8.2.0 and almost certainly much earlier, has been found in LibSPF2, a library frequently used to retrieve SPF (Sender Policy Framework) records and apply policy according to those records. This implementation flaw allows for relatively flexible memory corruption, and should thus be treated as a path to anonymous remote code execution. Of particular note is that the remote code execution would occur on servers specifically designed to receive E-Mail from the Internet, and that these systems may in fact be high volume mail exchangers. This creates privacy implications. It is also the case that a corrupted email server is a useful “jumping off” point for attackers to corrupt desktop machines, since attachments can be corrupted with malware while the containing message stays intact. So there are internal security implications as well, above and beyond corruption of the mail server on the DMZ.
There isn't any check for file extensions, allowing an attacker to upload malicious files to the server.
A vulnerability exists in Joomla Component Daily Message (com_dailymessage) version 1.0.3, which allows an attacker to inject arbitrary SQL commands via the 'id' parameter in a GET request. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter.
Opera browser is vulnerable to stored Cross Site Scripting. A malicious attacker is able to inject arbitrary browser content through the websites visited with the Opera browser. The code injection is rendered into the Opera History Search page which displays URL and a short description of the visited pages.
A denial of service vulnerability exists in FreeSSH 1.2.1 due to an unchecked buffer when handling a rename request. An attacker can exploit this vulnerability by sending a large amount of data to the server, resulting in a crash.
An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The malicious request contains an SQL query that is appended to the vulnerable parameter. This allows the attacker to execute arbitrary SQL commands on the underlying database.
VLC Media Player TY File Stack Based Buffer Overflow Exploit is a vulnerability in VLC Media Player which allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused due to a boundary error when handling TY files. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted TY file to the vulnerable application. Successful exploitation allows execution of arbitrary code.
Services By CQR