Explore Vulnerabilities

Explore all Exploits:

TotalCalendar 2.4 (bSQL/LFI) Multiples Remote Vulnerability

TotalCalendar 2.4 is vulnerable to blind SQL injection (bSQL) and local file inclusion (LFI). The vulnerable code is in rss.php (the selectedCal parameter) and box_display.php (the box parameter). The PoC for bSQL is http://127.0.0.1/rss.php?feedBox=Upcoming_Events&action=SwitchCal&selectedCal=[bSQL] and for LFI is http://127.0.0.1/box_display.php?box=[LFI].

Remote SQL Injection Vulnerability ( index.php action )

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains a malicious SQL query in the 'gallery_id' parameter of the 'index.php' script. This can allow the attacker to access the application's database and extract sensitive information.

Moa gallery <= 1.2.0 Multiple Remote File Include Vulnerability

Moa gallery versions 1.2.0 and prior are vulnerable to multiple remote file include vulnerabilities. An attacker can exploit these by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the server.

HyperVM/Kloxo Vulnerability

A previously unreported vulnerability in HyperVM/Kloxo allows an attacker to gain root shell access. This is done by creating a folder named 'backupPdUzR4' in the '/tmp' directory, which is world-readable and contains root passwords in plain text, including username, RSA private keys and more. The VM type is OpenVZ.

Remote SQL Injection Vulnerability ( video.php movie )

A vulnerability in the video.php file of EMO Breader Manager allows an attacker to inject arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input to the 'movie' parameter of the video.php file. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. Successful exploitation could result in unauthorized access to sensitive information stored in the database.

Lotus note connector for Blackberry Manager 5.0.0.11

Notes Connector is an easy to use tool that allows you to instantly synchronize all your Lotus Notes email. A remote DoS vulnerability exists in lnresobject.dll version 7.1.1.119, which can be exploited by a malicious user to crash the application.

Novell Client for Windows 2000 and XP Remote DoS Vulnerability

The Novell Client workstation software extends the capabilities of Linux and Windows desktops by providing access to NetWare and Open Enterprise Server (OES). A vulnerability exists in the nwsetup.dll library, versions 4.91.5.1 and earlier, which can be exploited by a remote attacker to cause a denial of service condition. The vulnerability is caused by a boundary error when processing certain CLSIDs in an HTML page. This can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious web page.

Xerox WorkCentre multiple models Denial of Service

During a brief assessment performed for the Xerox WorkCentre 7132, it was discovered that the LPD daemon implementation contains a weakness related to the robustness of LPD protocol handling. An attacker can crash the whole device with a relatively simple attack. Recovering from the denial-of-service condition requires power cycling the device.

TCPDB Remote Contents Change Vulnerability

A vulnerability exists in TCPDB 3.8 which allows remote attackers to change the contents of the application. This is due to the application not properly validating user-supplied input before using it to modify the contents of the application. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious code to the vulnerable application. This can result in the execution of arbitrary code on the vulnerable system.

Recent Exploits: