A vulnerability exists in DeeEmm CMS which allows an attacker to inject malicious SQL queries and execute arbitrary remote files. This vulnerability is due to insufficient sanitization of user-supplied input in the 'INDM' and 'language_dir' parameters of the 'user_language.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability can result in arbitrary code execution, SQL injection, and other attacks.
An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. The attacker can inject arbitrary SQL code in the vulnerable parameter 'adid' and execute it in the context of the application's database. This can be used to bypass authentication, access, modify and delete data within the database.
A directory traversal vulnerability exists in dotCMS, which allows an attacker to read arbitrary files on the server. This is due to a lack of proper sanitization of user-supplied input to the 'id' parameter in the 'index.dot' and 'macros_detail.dot' scripts. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../../../../../../../../etc/passwd%00.jpg') to the vulnerable server. Successful exploitation will allow an attacker to read arbitrary files on the server.
FlashGet 1.9 is vulnerable to a remote buffer overflow when a maliciously crafted FTP PWD response is sent to the server. This can lead to arbitrary code execution on the vulnerable system. The bug was discovered by Krystian Kloskowski and tested on FlashGet 1.9 running on Windows XP SP2 Polish.
Ruby fails to properly handle the memory allocated for a socket. When you send about 4 big requests to a Ruby socket, Ruby goes into an infinite loop and then crashes. The bug resides in the regex engine (in regex.c).
A NULL pointer dereference vulnerability exists in Ventrilo 3.0.2. An attacker can exploit this vulnerability to cause a denial of service condition. The vulnerability is due to a lack of proper validation of user-supplied input when handling a packet with an opcode of 0x0A. By sending a specially crafted packet with an opcode of 0x0A, an attacker can cause a NULL pointer dereference, resulting in a denial of service condition.
This exploit requires sending more than 130 thousand requests for fake records such as 131737-4795-15081.blah.com in order to match the port and ID and insert a poisoned entry for poisoned_dns.blah.com. The attack took about half a day, i.e. a bit less than 10 hours.
A vulnerability in gelato CMS allows remote attackers to disclose sensitive files on the server via a direct request to imgsize.php with a modified img parameter.
A vulnerability in Joomla 1.5.x allows an attacker to remotely change the administrator password by exploiting a flaw in the 'confirmReset()' function of the 'com_user' component. The vulnerability is due to the fact that the 'confirmReset()' function does not properly validate the 'token' parameter when it is passed to the 'activation' parameter of the '#__users' table. This allows an attacker to set the administrator password to the value of the 'secret' parameter of the 'configuration.php' file.
BBlog 0.7.6 is vulnerable to SQL Injection. The vulnerability exists in the builtin.help.php file, where user input is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. This can allow the attacker to gain access to sensitive information from the database, such as user credentials.