This exploit tries to read an arbitrary file.
An input validation problem exists within OpenNMS which allows injecting CR (carriage return - %0D or \r) and LF (line feed - %0A or \n) characters into the server HTTP response header, resulting in an HTTP Response Splitting vulnerability. This vulnerability is possible because the application fails to validate user-supplied input, returning it unsanitized within the server HTTP response header back to the client. This vulnerability not only gives attackers control of the remaining headers and body of the server response, but also allows them to create additional responses entirely under their control. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, and influence or misrepresent how web content is served, cached, or interpreted. Other attacks are also possible.
Galerie 3.2 is an addon for Burning Board Lite. If a ' is added to the pic id, an SQL Error is returned. This is an UPDATE Query, so UNION cannot be used. A Blind SQL Injection is used to exploit this vulnerability.
This exploit allows an attacker to upload a malicious file to the vulnerable server and execute arbitrary code. The attacker can also gain access to system information such as the operating system version and user privileges.
FastStone Image Viewer v3.6 is vulnerable to a denial of service attack when a specially crafted BMP image is opened. This causes the application to crash. The vulnerability is due to an access violation when writing to a specific memory address. Tested on Windows 2000 SP4.
This exploit targets a buffer overflow vulnerability in Windows Vista. It allows an attacker to gain access to a limited account by exploiting a vulnerability in the Windows Vista kernel. The exploit works by setting up a vectored exception handler and then writing to a protected memory address. This causes an access violation exception to be thrown, which is then handled by the exception handler. The exception handler then writes a 0 to the memory address, allowing the attacker to gain access to the limited account.
FOSS Gallery Admin Version <= 1.0 is vulnerable to a remote arbitrary upload vulnerability. The vulnerability exists due to insufficient validation of user-supplied input in the 'processFiles.php' script. An attacker can exploit this vulnerability to upload arbitrary files to the vulnerable server, which can lead to remote code execution. The attacker can directly POST in the 3rd step (processFiles.php) with the uploadNeed set to 1 and the uploadFile0 set to the file to be uploaded.
JMweb MP3 is prone to a local file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files from the underlying system that may aid in further attacks.
AyeView v2.20 is vulnerable to a denial of service attack when a specially crafted GIF image is opened. When the image is opened, AyeView freezes and after a few seconds crashes. This vulnerability has been tested on Windows XP SP2 and Windows 2000 SP4.
The variable 'id' is not defined in the code and is supplied by the user. The exploit is GET /notes.php?mode=edit&id=[file] and a sample exploit is http://www.localhost.com/notes.php?mode=edit&id=../../../../../../../../../../etc/passwd. A live demo is http://www.phlatline.org/docs/demos/ppim/notes.php?mode=edit&id=../notes.php.