Explore Vulnerabilities

Explore all Exploits:

DDL-Speed Script RFI Vulnerabilities

The DDL-Speed Script is vulnerable to Remote File Inclusion (RFI) attacks. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable parameter in the log.php, index.php, and acp.php files. This can allow the attacker to execute arbitrary code on the vulnerable system.

ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities

The server will give an error when any URL, real or imaginary, is passed to the POST_DATA parameter. A remote user is able to identify the full path of the document root folder. When a user is not signed in, the tables are shown to the attacker via an error, because the PHP form fails to properly sanitize user_id since the user is not logged in. The attacker must first try to add a product to the cart and then save the shopping cart for the tables to be revealed by browsing to: http://www.victim.com/cart_save.php

WebGlimpse Directory Traversal Vulnerability

WebGlimpse is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

GNU glibc Remote Integer-Overflow Vulnerability

GNU glibc is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that uses the affected library. The vulnerability is caused by a boundary error when handling timezone information. This can be exploited to cause a stack-based buffer overflow by supplying a specially crafted timezone information file.

Auerswald USB Device Driver Buffer Overflow Vulnerability

The Auerswald USB Device Driver for the Linux kernel is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the kernel, denying service to legitimate users.

PHP Input Validation Bypass Vulnerability

PHP is prone to a vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow attackers to provide unexpected input and possibly bypass input-validation protection mechanisms. This can aid in further attacks that may utilize crafted user-supplied input.

Arcade Trade Script Cross-Site Scripting Vulnerability

Arcade Trade Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

212cafe WebBoard Directory Traversal Vulnerability

212cafe WebBoard is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve and read arbitrary files in the context of the webserver. Information harvested may aid in launching further attacks.

FlatNux Multiple Cross-Site Scripting Vulnerabilities

FlatNux is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
