A vulnerability has been found that may allow an attacker to execute arbitrary code on servers or home routers running dnsmasq with the TFTP service enabled ('--enable-tftp'). This service is not enabled by default on most distributions; in particular, it is not enabled by default on OpenWRT or DD-WRT. Chances of successful exploitation increase when a long directory prefix is used for TFTP. Code will be executed with the privileges of the user running dnsmasq, which is normally a non-privileged one. Additionally, there is a potential DoS attack against the TFTP service through a null-pointer dereference vulnerability.
The query variable "cacheId=" is not sanitized, which can allow critical files to be downloaded.
A vulnerability exists in phpNagios v 1.2.0 due to improper validation of user-supplied input in the 'conf[lang]' parameter of the 'menu.php' script. This can be exploited to include arbitrary local files by passing directory traversal strings to the 'conf[lang]' parameter.
An SQL injection vulnerability exists in the com_hestar component 1.0.0 for Joomla! CMS. A remote attacker can send a specially crafted request to the index.php script with the option parameter set to com_hestar and the task parameter set to showlist, and an id parameter set to a malicious SQL statement, which will execute arbitrary SQL commands in the context of the application.
Gemstone/S "stoned" suffers from a local buffer overflow when parsing input either from the "-e" or "-l" flags, which allows a user to specify an exe config file and logfile, respectively. Both use the same buffer that is overflowed and we can overwrite the instruction pointer to control the flow of "stoned". The exploit was tested on Debian 5 (Lenny) and Ubuntu 9.04 (Jaunty Jackalope).
This PoC exploits a format string vulnerability in Ipswitch WS_FTP 12 Professional. The vulnerability is found in the status code of the HTTP protocol, which can be exploited to cause a denial of service or potentially execute arbitrary code.
Safari crashes when interpreting a webpage that calls the "eval" JavaScript function with "A/" repeating 21526 times (43052 bytes). When this vulnerability is triggered, Safari throws a "Stack Overflow" exception; adjusting the trigger to "A/" repeating 21697 times (43394 bytes) produces an access violation instead. The problem originates in the module "WebKit.dll", which Safari uses as part of the WebKit layout engine (www.webkit.org).
A SQL injection vulnerability exists in the Joomla Component com_joomloc (id). An attacker can send a specially crafted HTTP request containing malicious SQL code to the vulnerable application in order to execute arbitrary SQL commands in the back-end database.
This exploit allows an attacker to inject malicious SQL queries into the vulnerable TPDugg Joomla Component 1.1. The attacker can use this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords.
This exploit allows an attacker to inject malicious SQL code into the vulnerable Joomla Component BF Survey Pro Free. The malicious code is injected into the 'table' parameter of the 'updateOnePage' task of the 'com_bfsurvey_profree' component. This allows the attacker to modify the username, password, and email of the administrator account, allowing them to gain access to the administrator panel.