Amaya 11.2 W3C Editor/Browser is vulnerable to a remote buffer overflow when handling a specially crafted HTML file. Remote attackers can exploit this to execute arbitrary code by enticing a user to open a malicious HTML file. The vulnerability is caused by a boundary error in the handling of the 'defer' attribute of the 'script' tag when processing HTML files. It can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted string passed to the 'defer' attribute.
This is a local buffer overflow exploit for BlazeDVD 5.1 Professional. It is triggered when a specially crafted .PLF file is opened, which causes a buffer overflow and overwrites the SEH handler. The exploit code is written in Perl and contains shellcode that is executed when the exploit succeeds.
This exploit allows an attacker to bypass the authentication of the AW-BannerAd ASP scripts. The vulnerable file is adv/admin/index.asp, and the user and password are ' or 'x'='x :' or 'x'='x.
aa33code 0.0.1 is vulnerable to Local File Inclusion, Authentication Bypass and Database Configuration Disclosure. An attacker can exploit these vulnerabilities to gain access to sensitive information and execute arbitrary code on the vulnerable system.
PortalXP - Teacher Edition 1.2 is vulnerable to multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords. The PoCs for these vulnerabilities are:
http://127.0.0.1/calendar.php?id=null+union+all+select+1,2,3,concat_ws(0x3a,email,teacherpass),5+from+teacher--
http://127.0.0.1/news.php?id=null+union+all+select+1,2,3,concat_ws(0x3a,email,teacherpass),5+from+teacher--
http://127.0.0.1/links.php?id=null+union+all+select+1,2,3,concat_ws(0x3a,email,teacherpass),5+from+teacher--
http://127.0.0.1/assignments.php?assignment_id=1+union+all+select+1,2,3,4,concat_ws(0x3a,email,teacherpass),6,7,8,9+from+teacher--
A vulnerability exists in the Joomla component com_jfusion (Itemid parameter) which allows an attacker to perform a blind SQL injection attack. An attacker can send a specially crafted HTTP request containing malicious SQL code to the vulnerable application in order to gain access to unauthorized information. An example of the vulnerable URL is http://localHost/path/index.php?option=com_jfusion&Itemid=n[Sql Code], where n is a valid Itemid and [Sql Code] is +and+(select+substring(concat(1,password),1,1)+from+jos_users+limit+0,1)=1/*. A demo of the vulnerability can be seen at http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1.
A VirtualBox VM is unable to handle a fast call to privilege level 0 system procedures (sysenter). If the sysenter instruction is executed on the guest OS, the host machine reboots. The technique was tested on the following guest OSes: Windows XP, Windows 7 RC and Ubuntu 9.04. It is not clear whether it is possible to execute arbitrary code on the host; however, this trick can be successfully used by malware as an anti-VM check.
MAXcms - Databay Content Management System version 3.11.20b is vulnerable to Remote File Inclusion. The vulnerable parameters are is_projectPath, GLOBALS[thCMS_root], is_path and thCMS_root. An attacker can exploit this vulnerability by supplying a malicious URL in the vulnerable parameters, which can allow the attacker to execute arbitrary code on the server.
Destiny Media Player 1.61 is vulnerable to a universal buffer overflow when a specially crafted .pls file is opened. This can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the return address with a pointer to the shellcode.
An SQL injection vulnerability exists in Arab Portal v2.x in the forum.php file. The vulnerability is due to insufficient sanitization of user-supplied input in the 'qc' parameter. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's database, gaining access to sensitive information such as usernames and passwords stored there.