Remote exploitation of a buffer overflow in the Serv-U WebClient may allow attackers to execute arbitrary code. The flaw lies in the handling of overly long session cookies: when a very long session cookie is sent to the Serv-U WebClient HTTP service, a buffer is overrun and EIP is overwritten with attacker-controlled data.
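The practical front-door check for this bug class is to reject a request whose cookie value is far longer than any legitimate session token before it reaches a fixed-size copy. The following is an added example written for this page, not Serv-U code: it parses the Cookie header of a raw HTTP request and reports any cookie whose value exceeds a limit. The limit, the request path and the sample requests are all assumptions constructed for the demonstration.

```python
MAX_COOKIE_VALUE = 1024  # assumed limit; not a documented Serv-U value


def parse_cookie_header(value):
    """Split a Cookie header value into (name, value) pairs.

    Only the first '=' separates name from value, so values that
    themselves contain '=' survive intact."""
    pairs = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        pairs.append((name.strip(), val.strip()))
    return pairs


def oversized_cookies(raw_request, limit=MAX_COOKIE_VALUE):
    """Return [(cookie_name, length)] for every cookie whose value exceeds
    `limit`, so the request can be dropped before it is parsed further."""
    head = raw_request.partition("\r\n\r\n")[0]
    findings = []
    for line in head.split("\r\n")[1:]:   # skip the request line
        hname, sep, hval = line.partition(":")
        if sep and hname.strip().lower() == "cookie":
            for cname, cval in parse_cookie_header(hval):
                if len(cval) > limit:
                    findings.append((cname, len(cval)))
    return findings


# Constructed sample requests (not captured traffic); the path and host are
# placeholders, not real Serv-U endpoints.
BENIGN = ("GET /webclient/ HTTP/1.1\r\nHost: ftp.example\r\n"
          "Cookie: Session=abc123; lang=en\r\n\r\n")
OVERLONG = ("GET /webclient/ HTTP/1.1\r\nHost: ftp.example\r\n"
            "Cookie: lang=en; Session=" + "A" * 5000 + "\r\n\r\n")

if __name__ == "__main__":
    print(oversized_cookies(BENIGN))    # []
    print(oversized_cookies(OVERLONG))  # [('Session', 5000)]
```

A check like this belongs in front of the service (reverse proxy or WAF) as a stopgap; it does not fix the unbounded copy inside the WebClient, it only keeps the trigger from reaching it.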
Function store() in /modules/forum/class/class.forumposts.php is vulnerable because $this->pid is set in /modules/forum/post.php at lines 94-96 without prior sanitization. An attacker can therefore inject a sub-SELECT that saves the admin password hash and salt into a forum post; even if posts are held in moderation, the subject field is visible in user profiles, so the stored values can be read back. The attacker can also inject an 'ON DUPLICATE KEY UPDATE' clause to update the post_id field.
A SQL injection vulnerability exists in QuickTeam 2.2 that allows an attacker to execute arbitrary SQL commands via the 'title' parameter of qte_result.php. It can be exploited to retrieve sensitive information such as user credentials and credit card data.
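Both of the preceding entries are the same bug class: a request parameter pasted into an INSERT, which lets the attacker close the VALUES list early and supply a scalar sub-SELECT so that data from another table lands in a column the attacker can later read. The example below is added here and is not code from either product; it uses an in-memory SQLite database with a constructed schema, made-up hashes and a made-up parent-post id parameter, and shows the vulnerable store() pattern beside the parameterized form. The MySQL-only 'ON DUPLICATE KEY UPDATE' clause mentioned above is not reproduced because SQLite's upsert syntax differs.

```python
import sqlite3

# Constructed stand-in schema (hypothetical; not the real table layout of the
# forum module or of QuickTeam). Hashes and salts are made-up values.
SCHEMA = """
CREATE TABLE users (uid INTEGER PRIMARY KEY, uname TEXT, pass TEXT, salt TEXT);
CREATE TABLE forum_posts (
    post_id INTEGER PRIMARY KEY AUTOINCREMENT,
    pid INTEGER, uid INTEGER, subject TEXT);
INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99', 'a1b2');
INSERT INTO users VALUES (2, 'guest', '084e0343a0486ff05530df6c705c8bb4', 'c3d4');
"""


def fresh_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def store_vulnerable(db, pid, uid, subject):
    """Mirrors the bug class: the request-supplied parent id is pasted into
    the statement text, so it can terminate the VALUES list and append a
    scalar sub-SELECT of the attacker's choosing."""
    sql = (f"INSERT INTO forum_posts (pid, uid, subject) "
           f"VALUES ({pid}, {uid}, '{subject}')")
    cur = db.execute(sql)
    db.commit()
    return cur.lastrowid


def store_safe(db, pid, uid, subject):
    """Hardened form: ids must be integers and every value is bound."""
    pid = int(pid)   # ValueError on anything that is not an integer literal
    uid = int(uid)
    cur = db.execute(
        "INSERT INTO forum_posts (pid, uid, subject) VALUES (?, ?, ?)",
        (pid, uid, subject))
    db.commit()
    return cur.lastrowid


def subject_of(db, post_id):
    row = db.execute("SELECT subject FROM forum_posts WHERE post_id = ?",
                     (post_id,)).fetchone()
    return row[0]


# Attacker-supplied "pid": closes the VALUES list with its own uid and a
# sub-SELECT that copies the admin hash and salt into the subject column, then
# comments out the remainder of the original statement. SQLite dialect; MySQL
# would use CONCAT() instead of ||.
LEAK_PID = "0, 2, (SELECT pass || ':' || salt FROM users WHERE uid = 1)) -- "


def run_demo():
    db = fresh_db()
    leaked = subject_of(db, store_vulnerable(db, LEAK_PID, 2, "hello"))
    honest = subject_of(db, store_safe(db, "7", 2, "hello"))
    try:
        store_safe(db, LEAK_PID, 2, "hello")
        blocked = False
    except ValueError:
        blocked = True
    return {"leaked": leaked, "honest": honest, "blocked": blocked}


if __name__ == "__main__":
    print(run_demo())
```

The vulnerable path stores 'hash:salt' of uid 1 as the post subject, which is exactly the value a moderated post would still expose through the profile page; the safe path rejects the payload at int() and, even for a string column such as subject, binds the value so it can never become SQL.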
The vulnerability lies in Piwik's bundled 'open-flash-chart' module, which resides in the './libs/open-flash-chart/php-ofc-library' directory. The vulnerable code makes Piwik create a directory './libs/open-flash-chart/tmp-upload-images' and then write a file into it whose contents can include PHP code. The attack only works, however, if global variables can be overwritten through the request; where they cannot, the vulnerable code does not function.
Cross-Site Scripting has been verified in the parameters of /pentaho/ViewAction. Attacker-supplied script can steal the victim's session token or login credentials, perform arbitrary actions on the victim's behalf, and log keystrokes. In addition, the login page of Pentaho Analysis has a password field with autocomplete enabled, which can help an attacker recover a victim's stored credentials, and the application discloses the session token in the URL, so an attacker who obtains the URL (for example from a Referer header, proxy log or browser history) can use the token to perform arbitrary actions on the victim's behalf.
Pegasus Mail is a mail client suitable for single or multiple users on stand-alone computers and for internal and Internet mail on local area networks. It has minimal system requirements compared with competing products; for instance, the installed program (excluding mailboxes) for version 4.51 requires only around 13.5 MB of disk space. A notable design choice is that Pegasus Mail does not use the HTML layout engine installed with every Microsoft operating system since 1997, which makes it immune to exploits that target that engine, though not to flaws in its own code. The vulnerability described here is a remote buffer overflow that can be used to cause a denial of service.
Palm Pre WebOS versions up to and including 1.1 suffer from a floating point exception when rendering a specially crafted web page. Opening a page that contains 50,280 bytes of data or more and then triggers a page refresh causes the 'LunaSysMgr' process to crash; the device restarts the process, which appears to the user as a reboot. The crash does not occur when the page is viewed in landscape mode.
When logged in to the CLI via SSH as admin (uid=1), privileges can be escalated to uid 0 to obtain /bin/sh. Open 'less', which is available by default for viewing files (e.g. less /tmp/top.log), and type '!/bin/sh' at its prompt. The shell escape inherits the privileges of the less process, which runs as root here, so this yields an sh shell with UID 0. Tested only on the OS version noted above.
This module exploits the Wyse Rapport Hagent service by impersonating a legitimate Rapport server. It starts both an HTTP and an FTP service on the attacker's host, then contacts the Hagent service on the target and tells it that an update is available. The target then downloads the payload, wrapped in an executable, from the attacker's FTP service.
A remote code execution vulnerability exists in PHP168 6.0 due to improper input validation. An attacker can exploit it by sending a maliciously crafted HTTP request to the vulnerable application, allowing arbitrary code to be executed on the affected system.