Explore Vulnerabilities

Explore all Exploits:

Ultrize TimeSheet 1.2.2 readfile() Local File Disclosure Vulnerability

Ultrize TimeSheet 1.2.2 is vulnerable to a local file disclosure vulnerability due to insufficient validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to read arbitrary files from the server.

IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability

AIX 5.3 ML 5 is vulnerable to a file overwrite vulnerability caused by faulty libc code. The vulnerability can be exploited by setting the environment variables MALLOCTYPE=debug and MALLOCDEBUG=report_allocations,output:/bin/filename. This will create a file with 777 permissions in the /bin directory.

EPSON Status Monitor 3 local privilege escalation vulnerability

EPSON Status Monitor 3 is vulnerable to a local privilege escalation vulnerability due to weak permissions on two executable files, E_S40ST7.EXE and E_S40RP7.EXE, which are installed with full control for Everyone. An attacker can replace these files with a rootkit to gain elevated privileges.

Epiri Professional Web Browser 3.0 Remote Crash Exploit

Epiri Professional Web Browser 3.0 is vulnerable to a remote crash. The vulnerability is triggered when a malicious user sends a specially crafted string of 257 characters to the application. This causes the application to crash and can be exploited to execute arbitrary code.

VLC Media Player ‘smb://’ URI Handling Remote Buffer Overflow Vulnerability Exploit

VLC Media Player is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Compface ‘.xbm’ Local Buffer Overflow Exploit

Compface is vulnerable to a local buffer overflow vulnerability due to insufficient bounds checking when processing .xbm files. This vulnerability can be exploited by an attacker to execute arbitrary code with the privileges of the user running the application. The vulnerability is caused by the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. This can be exploited to cause a stack-based buffer overflow by supplying a specially crafted .xbm file. This exploit code creates a malicious .xbm file that contains shellcode which is executed when the file is processed by compface.

ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC

This exploit is based on a vulnerability in ISC BIND 9 that allows an attacker to send a maliciously crafted dynamic update message to a vulnerable server, resulting in a denial of service. The exploit is a rewrite of an exploit by kingcope, and requires the attacker to know the zone argument, which can be found in the named.conf file alongside the type master setting.

Ultrize TimeSheet 1.2.2 Remote File Inclusion Vulnerability

Ultrize TimeSheet version 1.2.2 is vulnerable to a remote file inclusion vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a URL in the 'config[include_dir]' parameter that points to a malicious file on a remote server. The malicious file will then be included and executed on the vulnerable server.

TinyBrowser (TinyMCE Editor File browser) 1.41.6 – Multiple Vulnerabilities

TinyBrowser is a plugin for the TinyMCE JavaScript editor that acts as a file browser to view, upload, delete, and rename files and folders on the web server. The configuration settings shipped with TinyBrowser are relatively insecure by default. They allow attackers to view, upload, delete, and rename files and folders under its predefined upload directory. Requesting the URL [PATH]/tinybrowser.php?type=image&folder=hacked will create a folder named 'hacked' in the /useruploads/images/ directory if that folder does not exist. TinyBrowser also allows arbitrary file uploads. Requesting the URL [PATH]/tinybrowser.php?type=image&folder=hacked&action=upload will upload a file to the /useruploads/images/hacked/ directory if that folder exists. This can be used to upload malicious files such as PHP shells.

Firebird SQL op_connect_request main listener shutdown vulnerability

A remote denial of service vulnerability has been found in Firebird SQL, which can be exploited by a remote attacker to force the server to close the socket where it is listening for incoming connections and to enter an infinite loop, by sending an unexpected 'op_connect_request' message with invalid data to the server.
