A hidden administration account with username 'service' and password 'service' was discovered in the web management console of Philips VOIP841. Directory Listing and Directory Traversal vulnerabilities were also discovered, allowing an attacker to access sensitive files such as /etc/passwd. Additionally, Cross Site Scripting was discovered inside the 404 standard response page, and Insecure Storage of Skype credentials, web management console passwords, and other sensitive data was discovered in files such as /var/jffs2/data/save.dat and /tmp/apply.log.
An input validation problem exists within JSPWiki which allows arbitrary local .jsp files to be executed (included). An attacker may leverage this issue to execute arbitrary server-side script code on a vulnerable server with the privileges of the web server process. An attacker may also leverage a cross-site scripting vulnerability to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
This exploit targets a buffer overflow vulnerability in the IBM Domino Web Access Upload Module. It affects dwa7w.dll, inotes6.dll and inotes6w.dll, versions 7.0.34.1, 6.0.40.0 and 6.0.48.0 respectively. It was tested on Windows XP SP2 (fully patched) English, IE6 and IE7. It was discovered by e.b. and h.d.m. and the Metasploit crew.
A stack overflow/denial of service occurs when supplying a long string to the functions SetBgColor, SetHREF, SetMovieName, SetTarget, and SetMatrix.
The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'aid' parameter to the '/index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the administrator's panel.
Affiliate Market Ver.0.1 BETA is vulnerable to a Local File Include vulnerability in the 'language' parameter. The vulnerability allows an attacker to include a file on the remote server that is accessible by the web server. An attacker can exploit it by sending a specially crafted HTTP request containing directory traversal characters (../). The vulnerable code can be found in the /user/header.php file. An example request is: /user/header.php?language=../../../../../../../../../../../etc/passwd
A heap buffer overflow vulnerability was discovered in the Citrix Presentation Server Client WFICA.OCX ActiveX component. This vulnerability was discovered by Andrew Christensen and Aaron Portnoy and was assigned CVE-2006-6334. The exploit was written by e.b. and tested on Windows XP SP2 (fully patched) English, IE6, wfica.ocx version 9.200.44376.0. The exploit will execute shellcode when IE is closed.
AuraCMS is a CMS based on PHP and SQL. A vulnerability exists in the mod/gallery/ajax/gallery_data.php file near line 173, where the $_GET['albums'] parameter is not properly sanitized before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
An attacker can exploit a SQL injection vulnerability in the com_pcchess component of Joomla! to gain access to the username and password of the administrator. The vulnerable parameter is the ‘user_id’ parameter which is passed to the ‘index.php’ script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. The malicious SQL statement can be used to extract the username and password of the administrator from the ‘jos_users’ table.
An attacker can exploit this vulnerability by appending a payload after the user_id or category_id parameter. The payload is -9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*