A buffer overflow vulnerability exists in Boloto Media Player 1.0.0.9 when a maliciously crafted .PLS file is added to the playlist and clicked. This could allow an attacker to execute arbitrary code on the vulnerable system.
A vulnerability exists due to improper handling of the user name submitted when logging in to the administrative console. Entering the user name "%%%" causes the application to disclose the full installation path as well as the names of some internal variables. Because the function exits at that point, the attempt is never recorded in the 'History of logins' module, so the administrator has no indication that the system is being probed.
Alleycode HTML Editor 2.21 is vulnerable to a local buffer overflow caused by a boundary error when handling .HTML files. An attacker can exploit this by creating a malicious .HTML file and convincing the user to open it, which triggers the overflow and allows the attacker to execute arbitrary code on the vulnerable system.
A vulnerability exists in the way Adobe Acrobat Reader, Right Hemisphere Deep Exploration and other applications handle U3D CLODProgressiveMeshDeclaration initialization array. By supplying a specially crafted U3D file, an attacker can cause a buffer overrun and execute arbitrary code on the target system.
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it for the context in which it is emitted.
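The following is an added example, written for this page and not taken from any advisory above, showing the "output without encoding" flaw and its fix: the same reflected value is emitted raw, entity-encoded for the HTML body, and quote-encoded for an attribute value. The render_* function names and the payload strings are constructed for the illustration.

```python
import html

# Constructed attacker-supplied values (illustrative, not from any advisory).
BODY_PAYLOAD = '<script>alert(document.cookie)</script>'
ATTR_PAYLOAD = '" onfocus="alert(1)'


def render_vulnerable(name: str) -> str:
    """Reflects the user-controlled value straight into the HTML body."""
    return f"<p>Welcome back, {name}!</p>"


def render_encoded(name: str) -> str:
    """Same page, but the untrusted value is entity-encoded for the body context:
    '<', '>' and '&' become &lt; &gt; &amp;, so the browser renders text, not markup."""
    return f"<p>Welcome back, {html.escape(name, quote=False)}!</p>"


def render_attr_encoded(name: str) -> str:
    """Attribute context needs quote encoding as well, otherwise the attacker
    closes the attribute and adds an event handler of their own."""
    return f'<input type="text" name="user" value="{html.escape(name, quote=True)}">'


def is_script_injected(page: str) -> bool:
    """Crude check used here to show the difference: does a real <script> tag survive?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_vulnerable(BODY_PAYLOAD))      # executes in the victim's browser
    print(render_encoded(BODY_PAYLOAD))         # rendered as harmless text
    print(render_attr_encoded(ATTR_PAYLOAD))    # stays inside the value attribute
```

Note that encoding is context-specific: the body and attribute encoders above are not sufficient for a value placed inside a `<script>` block or a URL, which need their own escaping rules.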
This module abuses a metacharacter injection vulnerability in the Nagios3 statuswml.cgi script. The flaw is triggered when shell metacharacters are present in the parameters passed to the ping and traceroute commands, which the CGI builds into a command line for the shell.
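As an added example (written for this page; it is not the Metasploit module's code nor Nagios's CGI source), the following contrasts the injectable pattern, a request parameter concatenated into a shell command line, with an allowlist-validated argv vector that is executed without a shell. The host strings are constructed, and echo stands in for the ping binary so the demonstration runs offline.

```python
import re
import subprocess

# Stand-in for the real ping binary so the demonstration runs offline;
# with ["ping"] the same code would really send ICMP.
PING = ["echo", "ping"]

# Constructed inputs for the demonstration (not payloads from the advisory).
LEGIT_HOST = "monitor.example.net"
MALICIOUS_HOST = "127.0.0.1; echo INJECTED"

# Allowlist: DNS labels or IPv4 literals only. Anything outside it is rejected
# before it gets anywhere near a command line.
HOST_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)
SHELL_METACHARS = set(";|&`$()<>\n\"'\\ *?[]{}~!")


def build_ping_vulnerable(host: str) -> str:
    """CGI-style: the request parameter is concatenated into a string that is
    handed to /bin/sh, so ';', '|', '`...`' and '$(...)' end the ping and
    start an attacker-chosen command."""
    return f"{' '.join(PING)} -c 1 {host}"


def has_shell_metachars(value: str) -> bool:
    """Blocklist check, shown because it is what many quick fixes do. It catches
    this payload but is easy to get wrong; prefer validate_host()."""
    return any(ch in SHELL_METACHARS for ch in value)


def validate_host(host: str) -> str:
    """Allowlist validation: raise on anything that is not a plain hostname/IP."""
    if not HOST_RE.match(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return host


def build_ping_safe(host: str) -> list:
    """Validate, then return an argv vector. Passed to an execve()-style API
    (subprocess without shell=True) there is no shell to interpret metacharacters."""
    return PING + ["-c", "1", validate_host(host)]


def run_vulnerable(host: str) -> str:
    return subprocess.run(build_ping_vulnerable(host), shell=True,
                          capture_output=True, text=True).stdout


def run_safe(host: str) -> str:
    return subprocess.run(build_ping_safe(host), shell=False,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(MALICIOUS_HOST))  # the injected echo runs
    for host in (LEGIT_HOST, MALICIOUS_HOST):
        try:
            print("safe:", run_safe(host))
        except ValueError as exc:
            print("safe:", exc)
```

The argv form is the real fix; the metacharacter blocklist is included only to show why it is weaker: it has to enumerate every character the shell treats specially, whereas the allowlist only has to describe what a host name may look like.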
FreeBSD 7.2 and below (including 6.4) are vulnerable to a race condition in the VFS and devfs code, resulting in a NULL pointer dereference. Due to an uninitialised value in devfs_open(), the following function is called with fp->f_vnode = 0: static int devfs_fp_check(struct file *fp, struct cdev **devp, struct cdevsw **dswp). At [1] vp is dereferenced, resulting in a user-controllable *devp pointer (loaded from *0x1c). If the values dereferenced at [2], [3] and [4] are reachable, then at [5] we have a memory write to a user-controllable address. Unfortunately, the value is decremented at [6]. The exploit uses the si_threadcount increment to modify kernel code in devfs_fp_check(): the opcode at 0xc076c64b is "je" (0x74), and after the increment it becomes 0x75, which is "jne". This modification results in dev_relthread() not being called at [6] and eventually leads to a kernel panic.
FreeBSD 6.4 and below are vulnerable to a race condition between pipeclose() and knlist_cleardel(), resulting in a NULL pointer dereference. The exploit code uses this vulnerability to run code in kernel mode, yielding a root shell and escaping from the jail. The exploit works only on multiprocessor systems.
Riorey devices running affected "RIOS" versions contain a hardcoded username and password that the RView software uses to connect on port 8022 and create an SSH tunnel. This allows an attacker to log in as the user 'dbuser' with the hardcoded password and, because of the old Linux kernel version in use, escalate privileges through several vulnerabilities and eventually take full control of the device.
AfterLogic WebMail Pro is vulnerable to Cross-Site Scripting, allowing injection of malicious code in the context of the application. The targeted user must be logged in to the webmail interface. This proof of concept was successfully tested in Firefox 3.5 and Internet Explorer 8.