header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Bloo – Object Oriented Blog Software <= v.1.00 Remote Sql Injection

Bloo - Object Oriented Blog Software <= v.1.00 is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Advisory: SQL-Injections in Mapbender

Due to the lack of input validation, an attacker is able to inject SQL-commands in many PHP scripts of Mapbender. This vulnerability can be exploited regardless of PHP magic quotes. For demonstration purposes, the injection into the "gaz" variable of the file http/php/mod_gazetteer_edit.php is shown.

Advisory: Remote Command Execution in Mapbender

An unauthorized user can create arbitrary PHP-files on the Mapbender webserver, which can later be executed. Due to the lack of input filtering, an attacker is able to enter valid PHP code in the 'factor' input field. This PHP code is written into a newly generated file in the Mapbender webfolder. Therefore, it is possible to remotely execute the code by requesting the new file.

Arbitrary Files Deleting in ASG-Sentry

The fcheck.exe (File Check Utility) CGI available in ASG is used for handling some index files which contain a list of filenames and checksums. The -b option of this utility allows the creation of these index files and is possible to specify both the name of the output file and, optionally, the folder which will be scanned recursively for finding and reading the various files to add to the list. The first vulnerability is in the possibility for an external attacker to use this CGI for overwriting existent files with no data (specifying a new folder which will be created by the same program) or with the list of filenames and checksums. The second vulnerability is in the possibility for an external attacker to delete arbitrary files on the server by using the -d option of the fcheck.exe CGI. The third vulnerability is in the possibility for an external attacker to delete arbitrary files on the server by using the -r option of the fcheck.exe CGI.

Acronis PXE Server Directory Traversal and NULL Pointer Vulnerabilities

The Acronis PXE Server is vulnerable to a classical directory traversal and an arbitrary path attacks which allow an attacker to download any file from the local disks or the network shares. An incomplete TFTP request (anything which goes from the simple absence of the option field to the usage of only the 2 bytes for the opcode) causes the crashing of the PXE Server due to a NULL pointer access.

eWriting 1.2.1 – SQL injection

eWriting 1.2.1 is vulnerable to SQL injection. Attackers can exploit this vulnerability to gain access to sensitive information such as usernames and passwords. The vulnerable parameter is ‘cat’ in the ‘func=selectcat’ parameter. An attacker can inject malicious SQL code into the ‘cat’ parameter to gain access to the database. For Joomla!, the malicious SQL code is ‘-1 UNION ALL SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10 FROM jos_users--’ and for Mambo, the malicious SQL code is ‘-1 UNION ALL SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10 FROM mos_users--’. Dorks used to identify vulnerable websites are ‘Powered by eWriting 1.2.1’ and ‘allinurl:”com_ewriting”’.

KingSoft UpdateOcx2.dll SetUninstallName() Heap Overflow Exploit

A heap overflow vulnerability exists in KingSoft UpdateOcx2.dll, which is part of the Kingsoft Antivirus Online Update Module. The vulnerability is triggered when a specially crafted SetUninstallName() call is made, which can lead to arbitrary code execution. The vulnerable function is Vul_Func() located at 0x10012278.

VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

This exploit allows an attacker to gain root access to a vulnerable VHCS server. The attacker first logs in as an administrator, then changes the password of a reseller. The attacker then logs in as the reseller and attempts to write PHP code to the server. If the server is vulnerable, the attacker can bypass open_basedir and create a database and SQL user. The attacker then logs in as the client and can execute commands as root.

Recent Exploits: