This proof-of-concept (PoC) code connects to a live demo server and replaces system.ini with jpeg content. It is working against IE8b/xpsp3, safe for scripting and for initialization. LiveX_v7000 and LiveX_v8120 with clsids {DA8484DE-52DB-4860-A986-61A8682E298A} and {F4421170-DB22-4551-BBFB-FFCFFB419F6F} have the same SnapShotToFile() and SnapShotX() methods.
TPTEST is vulnerable to a stack-based buffer overflow vulnerability. This vulnerability can be exploited by sending a specially crafted STATS packet with an overly long email field to the server. This can allow an attacker to execute arbitrary code on the vulnerable system.
For this Persistent XSS to work, a user must create a user account, create an album, upload a picture to the album, and put a malicious script as the description. When someone views the slideshow, the script will be executed.
There is a rather big bug in the current FreeBSD telnetd daemon. The environment is not properly sanitized when execution /bin/login, what leads to a (possible) remote root hole. The telnet protocol allows to pass environment variables inside the telnet traffic and assign them to the other side of the tcp connection. The telnet daemon of FreeBSD does not check for LD_* (like LD_PRELOAD) environment variables prior to executing /bin/login. So passing an environment variable with the identifier LD_PRELOAD and the value of a precompiled library that is on the filesystem of the victims box that includes malicious code is possible. When /bin/login is executed with the user id and group id 0 ('root') it preloads the library that was set by remote connection through a telnet environment definition and executes it. It is unlikely that this bug can be exploited remotely but is not impossible. An attacker could f.e. upload a malicious library using ftp (including anonymous ftp users), nfs, smb or any other (file) transfer protocol. One scenario to exploit the bug remotely would be a ftp server running beside the telnet daemon serving also anoynmous users with write access. Then the attacker would upload the malicious library and defines the LD_PRELOAD variable to something similar to /var/ftp/mallib.so to gain remote root access.
BlogWrite 0.91 is vulnerable to a Remote FD / SQL Injection Exploit. This exploit uses two SQL Injections, the first one is /[path]/print.php?id=-1' union all select 1,2,concat(user,0x3a,pass),4,5,6,0,8 from auth where id='1 and the second one is /path]/print.php?id=-1' union all select 1,2,load_file('lf'),4,5,6,0,8 from auth where id='1. However, the query is protected and the author was not able to bypass it.
This exploit allows an attacker to execute arbitrary commands on a vulnerable ea-gBook 0.1 installation. The vulnerability exists due to the 'inc_ordner' parameter in the 'index_inc.php' script not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an arbitrary file from a remote host.
The vulnerability is caused when the browser, opened a web with javaScript code. This cause that page crash. The error is in the method 'setAttributeNode', because the bad implement is the cause of bug.
The vulnerable file is page.php?nc=vbvb&id=-1 union select 0,concat(nom,0x3a,passe),2,3+from+infos--
A remote attacker can exploit a Local File Inclusion (LFI) vulnerability in IdeaCart 0.02 to gain access to sensitive files on the server. Additionally, an attacker can exploit a SQL injection vulnerability to execute arbitrary SQL commands on the underlying database.
Baran CMS is vulnerable to Arbitrary ASP File Upload, Database backups, SQL injection and Cross-site scripting. An attacker can exploit these vulnerabilities to gain access to the system and execute malicious code.
Services By CQR