There is an interesting vulnerability in the commenting system of the Telepark Wiki, even guests can comment in this wiki. The vulnerability is present in the /ajax/addComment.php file, where an attacker can upload a shell or execute remote commands. There is also a local file inclusion and admin password disclosure vulnerability present in the getjs.php, getcsslocal.php, and upload.php files. The vendor has patched all the vulnerabilities and the fixes can be seen in the “FIXED” section of the code.
HP Power Manager Administration Universal Buffer Overflow Exploit is a buffer overflow vulnerability that affects HP Power Manager Administration. It allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted HTTP request. The vulnerability is caused due to a boundary error within the handling of HTTP requests. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command.
This exploit is for Novell eDirectory 8.8 SP5 iConsole. It was found by Hellcode Labs and the original POC was provided by SecurityFocus. It was coded by Matteo Memelli of Offensive Security. It is a buffer overflow exploit which uses Msf::Encoder::PexAlphaNum with a final size of 709 bytes. It uses a GET request to send the malicious payload to the vulnerable server.
This exploit allows an attacker to bypass the open_basedir restriction in PHP 5.2.11 and 5.3.0. It creates a symlink to a file outside the open_basedir directory, allowing the attacker to access the file.
This vulnerability allows an attacker to access the admin page without authentication. The attacker can pass parameters to the page and access the page without any authentication. The vulnerability can be patched by adding a line of code to check if the request URI contains the admin page and exit if it does.
A remote code execution vulnerability exists in the Microsoft Server Message Block 2.0 (SMBv2) protocol due to improper handling of certain requests. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Cross-Site Scripting (XSS) vulnerability in ReqWebHelp allows remote attackers to inject arbitrary web script or HTML via the operation parameter in workingSet.jsp, the searchWord parameter in searchView.jsp, the maxHits parameter in searchView.jsp, the scopedSearch parameter in searchView.jsp, and the scope parameter in searchView.jsp.
This exploit is a buffer overflow vulnerability in the Shockwave Player Version. It allows an attacker to execute arbitrary code by supplying a long string of characters as an argument to the ShockW.PlayerVersion property.
This exploit is a VBS Buffer Overflow vulnerability. It is caused by a lack of boundary checks when handling user-supplied input. This allows an attacker to overwrite the memory of the application, potentially leading to code execution. This vulnerability affects applications that use VBS and do not properly validate user-supplied input.
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI. The proof of concept involves sending a malicious URI with a Cookie header and a Host header containing a JavaScript payload, which is then loaded in a web browser.