
Explore Vulnerabilities


Explore all Exploits:

Steam (Multiple .exe’s) Local Privilege Escalation

The latest Steam client (and other Steam-related executables) suffer the same privilege escalation issue we saw in Adobe Acrobat NOS the other day. This is particularly bad because, by default, Steam starts automatically. That means that as soon as an administrator logs in... game over.

PHotoLa Gallery <= 1.0 (Auth Bypass) SQL Injection Vulnerability

A vulnerability exists in PHotoLa Gallery version 1.0 which allows an attacker to bypass authentication and gain access to the application. This is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by supplying a specially crafted 'or 1=1/*' payload in the 'username' parameter of the 'signin.php' page.

Alwasel v1.5 Multiple Remote Vulnerabilities

Alwasel v1.5 is vulnerable to SQL injection. The vulnerability is located in the 'id' parameter of the 'show.php' script. Remote attackers can inject their own SQL commands to compromise the web application, access or delete sensitive data from the database, execute system-level commands and compromise the server.

LM Starmail 2.0 (home.php & paidbanner.php) SQL Injection/File Inclusion Vuln

The vulnerability exists in the home.php and paidbanner.php scripts of LM Starmail 2.0. An attacker can inject malicious SQL queries and execute arbitrary remote scripts via the page parameter in the home.php script and the ID parameter in the paidbanner.php script.

ImTOO MPEG Encoder 3.1.53 (.cue/.m3u) local stack overflow POC

ImTOO MPEG Encoder 3.1.53 is vulnerable to a local stack overflow. The vulnerability is caused by a boundary error when handling .cue and .m3u files. By creating a specially crafted .cue or .m3u file, a local attacker can cause a stack-based buffer overflow, overwriting the saved return address and executing arbitrary code.

Groovy Media Player 1.2.0 (.m3u) local stack overflow POC

Groovy Media Player 1.2.0 is vulnerable to a local stack-based buffer overflow. The vulnerability is caused by a boundary error in the processing of .m3u files. By creating a specially crafted .m3u file, a remote attacker could overflow a buffer and execute arbitrary code. The attacker must entice a legitimate user to open a malicious .m3u file.

TYPO3 CMS 4.0 SQL-Injection Vulnerability

A SQL injection vulnerability exists in TYPO3 CMS 4.0. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application and execute arbitrary SQL commands in the application's database. This can allow the attacker to access or modify critical application data, compromise the application, access or modify data in the backend database, and carry out various other attacks.

Playlistmaker1.5 (m3l,m3u files) local buffer overflow exploit (SEH)

A buffer overflow vulnerability exists in Playlistmaker1.5 (m3l,m3u files) due to improper bounds checking of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is due to a failure of the application to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. This can be exploited to cause a stack-based buffer overflow via a specially crafted m3l or m3u file.

PHP Script Forum Hoster Multiple vulnerabilities

Unauthorized topic deletion can be done by getting the Forum and Topic ID from the URL and then using the manageforum.php page to delete the topic. Persistent XSS can be done by writing JavaScript/HTML code into the $_POST sections of the postthread.php page.

A2 Media Player ProV2.51 (.m3u/m3l) Universal Local Buffer Exploit (SEH)

A2 Media Player ProV2.51 is vulnerable to a local buffer overflow when a specially crafted .m3u or .m3l file is opened. This can be exploited to execute arbitrary code by corrupting the stack and overwriting the SEH handler. The exploit code is written in Perl and contains a NOP sled followed by shellcode.

Recent Exploits: