This exploit takes advantage of a buffer overflow vulnerability in Windows Light HTTPD v0.1. By sending a specially crafted HTTP GET request, an attacker can overflow the buffer and execute arbitrary code on the target system. The exploit uses a payload that spawns a bind shell listening on TCP port 1337. The vulnerability was discovered and reported by Jacob Holcomb/Gimppy042 on 24th April, 2013. The affected software can be downloaded from the software vendor's website at http://sourceforge.net/projects/lhttpd/?source=navbar. More information about the exploit can be found in the advisory at http://infosec42.blogspot.com/.
A remote, client-side buffer overflow vulnerability reportedly affects the DXFscope utility. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it as the format specifier string in a formatted printing function. An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user who uses the vulnerable application to process a malicious DXF-formatted file. This may facilitate unauthorized access or privilege escalation.
The vulnerability allows a remote attacker to upload arbitrary PHP scripts to a vulnerable server due to insufficient sanitization of user-supplied input. If successful, the attacker can execute arbitrary script code on the server, leading to unauthorized access in the context of the application.
WordPress is vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These vulnerabilities arise due to a lack of proper sanitization of user-supplied data. The cross-site scripting and HTML injection vulnerabilities allow remote attackers to create malicious URI links or post data that includes hostile HTML and script code. If the victim user follows the malicious link or views resulting pages, the hostile code may be rendered in their web browser, potentially leading to the theft of authentication credentials or other attacks. The SQL injection vulnerabilities can be exploited to manipulate SQL queries and may result in the theft of sensitive information and data corruption.
WordPress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied data. The cross-site scripting and HTML injection issues could permit a remote attacker to create a malicious URI link, or post data to the affected application that includes hostile HTML and script code. If this link were to be followed, or resulting pages were to be viewed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. An attacker may exploit the SQL injection issues to manipulate SQL queries to the underlying database. This may facilitate theft of sensitive information, potentially including authentication credentials, and data corruption.
The vulnerability allows a remote attacker to upload arbitrary PHP scripts to a vulnerable server by exploiting insufficient sanitization of user-supplied input. If successful, the attacker can execute arbitrary script code on the server, leading to unauthorized access in the context of the application.
Multiple remote SQL injection vulnerabilities affect Ikonboard due to a failure to properly sanitize user-supplied input prior to including it in SQL queries. An attacker can exploit these vulnerabilities to manipulate SQL queries to the underlying database, potentially leading to theft of sensitive information and data corruption.
2fax is prone to a buffer overflow vulnerability. This issue is exposed when the software performs tab expansion operations while converting files. Since files may originate from an external or untrusted source, this issue is considered remote in nature. Successful exploitation will result in execution of arbitrary code in the context of the user running the application.
Vilistextum is prone to a buffer overflow vulnerability. This issue occurs when the application parses HTML attributes while converting an HTML file to text/ASCII. This vulnerability can be exploited remotely by an attacker originating from an external or untrusted source. Successful exploitation of this vulnerability allows the execution of arbitrary code in the context of the user running the application.
Bolthole Filter is prone to a buffer overflow vulnerability. This issue is exposed when the software parses email address data. If successfully exploited, this vulnerability could result in execution of arbitrary code in the context of the process.