A vulnerability exists in OBOphiX [fonctions_racine.php] version 2.7.0 and earlier, which allows a remote attacker to include arbitrary files on the system. The vulnerability is due to the 'chemin_lib' parameter in the 'fonctions_racine.php' script not properly sanitizing user-supplied input. An attacker can exploit this vulnerability to include arbitrary files from remote web servers, which can lead to the execution of arbitrary code on the vulnerable system.
This is the second version of the Linux sock_sendpage() NULL pointer dereference exploit. It now also works with Linux kernel versions that implement COW credentials (e.g. Fedora 11). On SELinux-enforced systems, it automatically searches the SELinux policy rules for types with the mmap_zero permission that it can transition to, and tries to exploit the system with those types.
The Rat CMS Alpha 2 is vulnerable to an arbitrary file upload vulnerability. An attacker can upload a malicious file such as a shell.php file which includes GIF89a; followed by malicious code. The uploaded file can be found in the images directory.
Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack. If a remote attacker sends Unicode strings in an HTTP request to port 8028 (the default port of the Novell eDirectory Dhost HTTP server), the attacker can cause the system to consume 100% of the CPU resources.
This exploit is a buffer overflow exploit for SidVault 2.0e Windows Universal. It was originally authored by blake and tested on Windows XP SP3. The exploit uses a shellcode to execute a calculator program.
This exploit is for HTMLDOC 1.8.27 on Debian 5.0 (+ASLR). It is a remote stack buffer overflow exploit which creates a buffer of 512 bytes and then appends the shellcode to it. The shellcode is XOR encoded and binds to port 4444. The exploit is written in C and was coded by Pankaj Kohli. The exploit file is written to sploit.html and is run as htmldoc -f somefile.pdf sploit.html.
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to an SMB server, and it is used to identify the SMB dialect that will be used for further communication.
The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'aid' parameter to the '/index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to read, modify or delete arbitrary data in the database, disclose sensitive information, bypass certain security restrictions, and compromise the application and the underlying system.
A vulnerability in Cisco ASA/PIX versions 6.3, 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 can be triggered by sending a specially crafted packet with a large window size. This will cause the device to crash and reload, resulting in a denial of service. The only way to recover from the denial of service is to reload the device.
The DiViS DVR System web server, which fingerprints as Techno Vision Security System, has a directory traversal vulnerability. Successfully exploiting this issue allows remote attackers to access the contents of arbitrary files.