This bug allows a privileged user to view the username and password of a registered user. Like all vulnerable SELECT queries, this can be manipulated to write files on the system.
A stack buffer overflow has been discovered in the Amaya Web Editor's XHTML parser function, ParseCharsetAndContentType(), which can be used to compromise the victim's system via arbitrary code execution. The overflow occurs when the application processes the 'charset' value of the 'Content-Type' header of an XHTML document.
AdaptBB contains a flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the inc/bb/topic.php script not properly sanitizing user-supplied input to the 'topic_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database if magic_quotes_gpc = off.
Gravity Board X v2.0 BETA is prone to an SQL injection vulnerability and a code execution vulnerability. An attacker can exploit these issues to manipulate SQL queries, access or modify data, execute arbitrary code in the context of the webserver process, and gain access to sensitive information. The code execution vulnerability is due to a lack of proper sanitization of user-supplied input in the 'board_name' parameter when creating a new board. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process.
This exploit allows an attacker to upload a simple php shell to the Family Connections <= 1.8.2 web application. The attacker can then execute remote commands by opening the file in a browser.
Found another injection vector in /private/system/lib-session.php near lines 97-117. If the session id is not md5() hashed in the general configuration, which is the default, you can inject arbitrary SQL statements. Note that the query in the SESS_getUserIdFromSession() function is not vulnerable.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2 UDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DB2TEST database. The issue lies in the handling of a specially crafted packet sent to the DB2TEST database. An attacker can leverage this vulnerability to execute arbitrary code under the context of the DB2 service.
A vulnerability exists in AjaxPortal 3.0 which allows an attacker to inject arbitrary SQL commands via the 'page' parameter of the ajaxp_backend.php page. Passwords are encoded using the MySQL PASSWORD() function (the algorithm used depends on the MySQL version).
This exploit happens when an overly long id3 tag is sent to the web server and parsed. It is also possible to overwrite the exception handlers, so creating a reliable exploit for Vista and XP SP3 shouldn't be too hard. The exploit is triggered by sending a specially crafted request to the web server.
This exploit happens when an overly long file name is sent to the server using the takescreenshot command and parsed. There is a description in the PoC code. When passing this to the HTTP server we can evade URL filtering, as it is passed to the application as an overly long directory name. This means we can use any shellcode we wish.