Virtualmin is prone to multiple vulnerabilities. Unprivileged port use allows regular users to run their own daemon on port 10000 and prevent Virtualmin from running. XSS and CSRF attacks can be conducted due to a lack of input data validation. The anonymous proxy feature can be used to hide the attacker's real location and conduct attacks on different servers. Information disclosure is possible due to a system() call in the mysql module and a failure to drop root privileges when performing some of its actions.
This exploit is a proof of concept for a local stack overflow vulnerability in Icarus 2.0 (GUEST.ICP). The exploit is written in Perl and creates a file called GUEST.ICP with a header of 'server =' followed by 5000 'A' characters. When the user clicks on the Perl file, the program crashes.
JetAudio 7.5.3 COWON Media Center is vulnerable to a Denial of Service (DoS) attack: the application crashes when a specially crafted .WAV file is opened with it.
A SQL injection vulnerability in OnePound Shop 1.x allows an attacker to inject arbitrary SQL commands via the 'id' parameter of the 'products.php' script and so manipulate the application's SQL queries.
This exploit targets the Firefox 3.5 browser. It is based on a memory corruption vulnerability in the browser's JavaScript engine and allows an attacker to execute arbitrary code on the target system. It is triggered by malicious JavaScript embedded in a web page, which runs when the user visits the page. The exploit uses a heap spray technique to place malicious code in the browser's memory; that code is then executed, allowing the attacker to gain control of the target system.
A buffer overflow vulnerability exists in Mp3-Nator 2.0, caused by a boundary error when handling the ListData.dat file. An attacker can exploit it to execute arbitrary code by sending the victim a specially crafted ListData.dat file containing a malicious payload that overwrites the SEH chain.
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files.
This exploit panics the FreeBSD kernel by passing a large value to malloc(9) in one of FreeBSD's ata ioctls. The exploit requires read access to the ata device in /dev to be able to open() the device.
A buffer overflow vulnerability exists in SciTE Editor 1.72 when a specially crafted file is opened. When the file is opened, the scroll bars are moved, which causes a crash. The PoC creates a file with 5000 'A' characters; opening it with SciTE Editor 1.72 causes a crash.
RunCMS versions 1.6.3 and below are vulnerable to remote code execution. An attacker can exploit this vulnerability by uploading a malicious file with a double extension (e.g. .jpg.pwl) to the server via the FCKEditor. The attacker can then execute arbitrary commands on the server by accessing the malicious file with a GET request containing a "cmd" parameter.