A remote stack-based buffer overflow vulnerability exists in Oracle Document Capture BlackIce DEVMODE ActiveX Control. The vulnerability is caused due to a boundary error when handling a specially crafted HTML page. This can be exploited to cause a stack-based buffer overflow via an overly long string passed to the 'SetImagePath()' method. Successful exploitation may allow execution of arbitrary code.
This module exploits a DoS vulnerability in the LIST command in XM Easy Personal FTP Server 5.8.0. In order to execute this exploit, you must first log in to the FTP server. This was only tested on Windows XP, SP2 (EN).
The JumpMaddID() and JumpURL() methods of the KeyHelp.ocx 1.2.312 module of EMC multiple products suffer from a stack-based buffer overflow vulnerability. The EIP is overwritten after 537 bytes through the second argument, allowing attackers to execute arbitrary code. The exploit code provided in the text is a VBScript that executes calc.exe.
It is possible to specify extra command line arguments, e.g. the -vm argument for the IBMIM.exe executable, which will load an arbitrary DLL from an external network share; changing the path to point at your own library, with some code in its entry point, causes that code to run.
Versions 0.804 through 0.812.1 of FlatPress are prone to a nasty LFI vulnerability which can be exploited to achieve RCE (Remote Command Execution). The piece of code involved is the user_get() function in the file fp-includes/core/core.users.php, where input is not properly validated, allowing a remote attacker to execute shell commands remotely and eventually hide their own tracks (e.g. by deleting the injected comment).
This exploit is a buffer overflow vulnerability in Microsoft IIS 6.0 WebDAV ScStoragePathFromUrl function. It allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted HTTP request. The vulnerability is caused by a lack of boundary checks when handling the 'SULang' cookie.
BigAnt Server version 2.50 SP6 is vulnerable to a local buffer overflow when a maliciously crafted ZIP file is opened. This can be exploited by an attacker to execute arbitrary code on the vulnerable system.
A Blind SQL Injection vulnerability exists in Joomla component com_jinc (newsid). An attacker can exploit this vulnerability to gain access to sensitive information from the application. The vulnerable code is located in the file index.php, where the variable newsid is not properly sanitized before being used in a SQL query. To exploit this vulnerability, an attacker must be registered in the website and send a malicious request to the application. The request should contain a malicious payload in the newsid parameter.
A vulnerability was discovered in Snort versions 2.8.1 to 2.8.4, which allowed an attacker to evade logging and falsify alerts. The vulnerability was fixed in version 2.8.5.
The search parameters/queries we submit to search.php are unsanitized, and hence this can be abused to SQL-inject the server. The username and password fields are also unsanitized, and hence we can bypass the login system. In the name field, you can inject XSS.