Exploits 222 - exploit.company

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability

The 'BackImage' ,'ScriptName', 'ModelName' and 'SRC' properties can be used to trigger a buffer overflow condition. The crazytalk4.ocx ActiveX control will load the close CrazyTalk4Native.dll library and, while

7.5

CVSS

HIGH

Remote Buffer Overflow

Windows Vista, Windows XP, Windows 2003 R2

Affected Version

TypesoftFTP Server 1.1 Remote DoS (APPE) exploit

This exploit takes advantage of a vulnerability in the Typesoft-FTP APPE command. It causes a stack-based buffer overflow by sending a specially crafted buffer to the server. This leads to a denial of service (DoS) condition on the target system.

Affected Version

NetDecision 4.5.1 HTTP Server Buffer Overflow

This module exploits a vulnerability found in NetDecision's HTTP service (located in C:Program FilesNetDecisionBinHttpSvr.exe). By supplying a long string of data to the URL, an overflow may occur if the data gets handled by HTTP Server's active window. In other words, in order to gain remote code execution, the victim is probably looking at HttpSvr's window.

Affected Version

aspWebLinks 2.0 Remote Admin Pass Change Exploit and links.asp SQL Injection

This exploit allows an attacker to change the administrative password remotely in aspWebLinks 2.0 by exploiting a SQL injection vulnerability in the links.asp page.

Affected Version

Multiple SQL injections in rivettracker <=1.03

RivetTracker is a php base torrent tracker with multiple SQL injection vulnerabilities. The vulnerability allows an attacker to access sensitive files, execute arbitrary SQL queries, and potentially retrieve passwords and usernames for admin, user, and mysql database.

Affected Version

metajour 2.1 (system_path) – Remote File Include Vulnerabilities

The metajour 2.1 script is vulnerable to remote file inclusion attacks. An attacker can include malicious scripts by manipulating the 'system_path' parameter in various PHP files.

Affected Version

Corrado Liotta Aka CorryL

vendor:

ImgPals

ImgPals Photo Host Version 1.0 STABLE

A attacker can remotely disable the account from administrator not allowing the same to be able to access the site

5.5

CVSS

MEDIUM

Admin Account Disactivation

Affected Version

WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)

WebfolioCMS 1.1.4 (and lower) is affected by a CSRF Vulnerability which allows an attacker to add a new administrator, modify web pages, and change other WebfolioCMS parameters. The exploit demonstrates how to add an administrator account and modify existing and published web pages.

Affected Version

Sysax <= 5.53 SSH Username BoF Pre Auth RCE (Egghunter)

The exploit allows remote attackers to execute arbitrary code via a long SSH username, which triggers a buffer overflow in the username field of the SSH handshake process.

CVSS

CRITICAL

The exploit allows remote attackers to execute arbitrary code via a long SSH username, which triggers a buffer overflow in the username field of the SSH handshake process.

Windows XP SP3 32-bit, Windows 2003 Server SP2 (No DEP)

Affected Version

PlumeCMS <= 1.2.4 CSRF Vulnerability

PlumeCMS is prone to a CSRF Vulnerability which allows an attacker to insert and publish "News" (as PlumeCMS names his articles) when an authenticated admin browses a web page containing the provided HTML/Javascript code.

Affected Version

1.2.4 (latest) and lower

To: