There is a Blind SQL Injection vulnerability in the 'page' variable of the virtuemart component. Because Joomla core filters '<' or '>' characters, we can only use '=' to test for true/false statements. This of course will send an enormous number of queries to the target. During testing, 9145 queries were sent to fully steal the admin user/hash. This PoC was tested on the latest version of virtuemart (1.1.7) at the time of discovery. Depending on your purpose, you may have to adjust the timings of benchmark and time to last byte (ttlb).
The RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) is vulnerable to multiple remote command execution vulnerabilities. The control has four insecurely implemented methods: CreateVistaTaskLow(), Exec(), ExecLow(), and ShellExec(). These vulnerabilities can allow an attacker to launch arbitrary commands and execute arbitrary executables.
This control has four methods implemented insecurely: ShellExec() allows launching arbitrary commands, ShellExecRunAs() allows launching arbitrary commands, CreateShortcut() allows creating arbitrary executable files inside automatic startup folders, and CopyDocument() allows copying arbitrary executable files from a remote network share to local folders. Other attacks are possible, including information disclosure and file deletion.
The spidaNews V.1.0 script is vulnerable to SQL injection in the news.php file. An attacker can exploit this vulnerability by injecting malicious SQL code through the 'id' parameter. This can lead to unauthorized access, data manipulation, and other malicious activities.
The IPComp implementation originating from NetBSD/KAME implements injection of unpacked payloads. It allows traversal of perimeter filtering and has potential implementation flaws in popular stacks.
This vulnerability allows an attacker to perform a Cross-Site Request Forgery (XSRF) attack by adding an admin user to the Audio & Video Library application. The attacker can send a crafted request to the target application, which will add an admin user without authentication or authorization.
This exploit allows an attacker to add an admin user to the Movies Library 2.0 application. The attacker can send a crafted request to the targeted application, which will add a new user with admin privileges.
This exploit allows an attacker to add an admin user to the News 1.0 system without proper authorization. The exploit consists of a form that sends a POST request to http://localhost/News/admin/index.php with the necessary parameters to add a new user with admin privileges. The parameters include the username, password, email, and group ID. The attacker can modify these parameters to add any desired user.
This exploit allows an attacker to add an admin user to the E-Store 1.0 application by sending a crafted HTTP request. The attacker can specify the username, password, email, and group ID for the new admin user.
This exploit takes advantage of a buffer overflow vulnerability in GOM Media Player version 2.1.6.3499. It generates a malicious avi file that, when opened with GOM Player, can cause a crash or denial of service.