NovaBoard is a free, feature-rich community message board written in PHP and MySQL that allows you to set up your own forum within minutes. A vulnerability exists in the program which allows an attacker to inject malicious JavaScript code into the application. This can be done by sending a message to another user of the forum with the malicious code in the message body. Additionally, a non-persistent XSS attack can be performed by sending a malicious URL to the application. If an authenticated user visits the malicious URL, their username and password can be stolen.
This exploit allows an attacker to change the admin password of EFS Easy Chat Server version 2.2 by submitting a malicious POST request to the registresult.htm page. The malicious request contains the username, password, confirm password, email and resume fields which are used to change the admin password. The attacker can then use the new credentials to gain access to the server.
Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.
Through the SetExternalPlayer() method and the ExternalPlayer property, it is possible to associate an arbitrary executable with the 'external player' button, which opens Windows Media Player by default. When the user clicks this button, the executable is launched without prompts. This value is also stored in config.xml, inside the sopcast local folder, for further use, for example by the sopcast client application.
EFS Easy Chat Server is prone to a buffer overflow vulnerability when handling overly long authentication requests. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
All queries are vulnerable. This bug allows a guest to view the username and password of a registered user. An authentication bypass bug allows an attacker to bypass admin authentication using the previous bug. A local file inclusion bug allows an admin to include local files.
A remote code execution issue has been found in Zabbix version 1.6.2, and no authentication is required to exploit it. Magic Quotes must be off for the vulnerability to be exploitable; however, this feature will not be supported starting with PHP 6.0. Pages define an array of every used variable that derives from external (GPC) input. An example of the mechanism is the following:

    $fields=array(
        "config"=>  array(T_ZBX_INT, O_OPT, P_SYS, IN("0,1"), NULL),
        // actions
        "groupid"=> array(T_ZBX_INT, O_OPT, P_SYS|P_NZERO, DB_ID, NULL),
        "hostid"=>  array(T_ZBX_INT, O_OPT, P_SYS|P_NZERO, DB_ID, NULL),
        // ...
    );
    check_fields($fields);
RitsBlog 0.4.2 is vulnerable to SQL injection and persistent XSS. The SQL injection vulnerability is present in the ritsBlogAdmin.class.php file, where the login function does not properly sanitize user-supplied input. An attacker can exploit this vulnerability by sending a crafted request with malicious SQL code. The persistent XSS vulnerability is present in the ritsBlogAdmin.class.php file, where the addComment function does not properly sanitize user-supplied input. An attacker can exploit this vulnerability by sending a crafted request with malicious JavaScript code.
A buffer overflow vulnerability exists in wa33.cue file due to improper bounds checking which can be exploited by malicious people to execute arbitrary code. The vulnerability is caused due to a boundary error within the processing of the .cue file. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .cue file. Successful exploitation may allow execution of arbitrary code.
This is a local SEH overwrite exploit for a vulnerability in Media Commands (m3u File). It was found by Hakxer and exploited by His0k4. It was tested on Windows XP Pro SP2 Fr. It uses a pop pop ret from msacm32.drv to overwrite the SEH and a win32_exec shellcode to execute a calc command.