This exploit targets a buffer overflow vulnerability in the Gateway WebLaunch ActiveX control. It allows an attacker to execute arbitrary code on the vulnerable system. The exploit was tested on Windows XP SP2 (fully patched) English, IE6, Weblaunch.ocx: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} and Weblaunch2.ocx: {97BB6657-DC7F-4489-9067-51FAB9D8857E}. The exploit was written by e.b., with thanks to h.d.m. and the Metasploit crew.
This vulnerability allows a malicious web page to post arbitrary images from a user's hard drive to the web. The images will be visible on the ImageShack site, where an attacker may be able to retrieve them through tag search or by understanding the renaming operation (e.g. "_" characters are removed and the "tq2" string is appended). The vulnerability is exploited by using a VBScript to call the BuildSlideShow method of the ImageShackToolbar.dll file, which allows the attacker to upload a file from the user's hard drive.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'files' parameter to the '/optimizer.php' script. A remote attacker can send a specially crafted HTTP request with directory traversal sequences to view arbitrary files on the vulnerable system.
This exploit allows remote attackers to execute arbitrary code on vulnerable installations of Move Networks Upgrade Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of certain parameters passed to the ActiveX control. By supplying an overly long string, an attacker can cause a stack-based buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the user.
A buffer overflow vulnerability exists in the Demo() function of the given code. The vulnerability is caused by the lack of proper input validation when handling user-supplied data. An attacker can exploit this vulnerability by supplying a large amount of data to the Demo() function, which can cause a buffer overflow and potentially allow arbitrary code execution.
Liquid-Silver CMS is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to read and execute arbitrary files on the server. The attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious input to the vulnerable application. The attacker can use the 'update' parameter to read and execute arbitrary files on the server. The attacker does not need to specify the file extension in the request.
SLAED CMS 2.5 Lite is vulnerable to Local File Inclusion due to the lack of input validation. The newlang parameter in the index.php file is not filtered, so an attacker can use the exploit http://[targethost]/[path]/index.php?newlang=../../../../../../../../../../etc/passwd%00 to read the /etc/passwd file.
This exploit allows remote attackers to execute arbitrary commands on vulnerable installations of Comodo AntiVirus 2.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExecuteStr() method of the vulnerable ActiveX control. By passing a malicious command to the ExecuteStr() method, an attacker can execute arbitrary commands on the vulnerable system.
Siteman Version 1.1.9 is vulnerable to file disclosure. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to view the content of any file on the server.
Input passed to the FolderName parameter in "RTE_file_browser.asp" and "file_browser.asp" is not properly sanitised before being used. This can be exploited to list directories, txt files and zip files through directory traversal attacks. Also, "RTE_file_browser.asp" does not check the user's session, so an unauthenticated attacker can perform this attack.