phpWebThings <= 1.5.2 MD5 Hash Retrieve / File Disclosure Remote Exploit

phpWebThings contains a flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the fdown.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database, allowing for the manipulation or disclosure of arbitrary data.

Green Dam remote buffer overflow exploit

Green Dam is monitoring and anti-pornography software promoted by the Chinese government. After July 1st, its installation will be mandatory on all new Chinese PCs; it already has 50 million copies in China. To monitor the URLs the user is browsing, Green Dam injects into the browser process. When Green Dam handles a long URL, a stack overflow occurs in the browser process. This exploit targets IE on computers with Green Dam installed. I used the .NET binary to deploy shellcode, for it's more stable than heap spray, and able to bypass DEP and ASLR on Vista. The exploit page contains a .NET control, so it should be published on IIS.

Campus Virtual-LMS

The Campus Virtual-LMS is vulnerable to SQL injection, Cross-Site Scripting and Cross-Site Request Forgery. The SQL injection vulnerability exists in the news/index.php file, which can be exploited by sending a maliciously crafted HTTP GET request with a negative value in the 'id' parameter. The Cross-Site Scripting vulnerability exists in the enrolments/step1.php and files/shared_list.php files, which can be exploited by sending a maliciously crafted HTTP GET request with malicious JavaScript code in the 'courseid' and 'search' parameters respectively. The Cross-Site Request Forgery vulnerability exists in the login/logout.php and enrolments/step2.php files, which can be exploited by sending a maliciously crafted HTTP request with malicious 'action' and 'orderid' parameters.

4images <= 1.7.7 - filter bypass HTML injection/XSS

4images is vulnerable to HTML injection/XSS through a filter bypass: the user_homepage field is not properly sanitized when it is updated. An attacker can inject malicious JavaScript code into the user_homepage field, which is then executed when the comments are viewed.

Apple iTunes 8.1.1.10 itms/itcp BOF Windows Exploit

Apple iTunes 8.1.1.10 is vulnerable to a buffer overflow when a maliciously crafted URI is sent to the application. The vulnerability can't be exploited by simply overwriting a return address on the stack because of stack canary protection. Increasing the buffer size leads to an SEH overwrite, but it seems that the Access Violation needed to get our own Exception Handler called is not always thrown. To increase reliability, the exploit sends two URIs to iTunes: the 1st payload corrupts the stack (it doesn't overwrite the cookie, so no crash) and the 2nd payload fully overwrites SEH to 0wN EIP. Payloads must be encoded in order to obtain pure ASCII printable shellcode. The vulnerability can be triggered from Firefox but not from IE, which seems to truncate the long URI.

Sniggabo CMS – Remote SQL Injection Exploit

This exploit allows an attacker to gain access to the admin panel of a vulnerable Sniggabo CMS website. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable website, which contains malicious SQL code. The malicious code is then executed by the vulnerable website, allowing the attacker to gain access to the admin panel.

Torrent Volve

A vulnerability in Torrent Volve allows an attacker to delete arbitrary files. This is due to the lack of proper input validation in the 'archive.php' script. The script does not properly validate user-supplied input before using it to delete files. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences and arbitrary file names. This will allow the attacker to delete arbitrary files on the affected system.

ModSecurity (Core Rules) HPP Filter Bypass Vulnerability

ModSecurity is an open-source Web Application Firewall which runs as an Apache module. It has a comprehensive set of rules called the 'ModSecurity Core Rules' for common web application attacks like SQL Injection, Cross-Site Scripting etc. It is possible to bypass the ModSecurity Core Rules due to the difference in behaviour between ModSecurity and ASP/ASP.NET applications when handling duplicate HTTP GET/POST/Cookie parameters. Using duplicate parameters has been termed HTTP Parameter Pollution by Luca Carettoni and Stefano Di Paola. When multiple GET/POST/Cookie parameters of the same name are passed in an HTTP request to ASP and ASP.NET applications, they are treated as an array collection, so the values are concatenated with a comma in between them. When multiple GET/POST/Cookie parameters of the same name are passed in an HTTP request to ModSecurity, it treats them as separate parameters and does not concatenate them, so a payload split across duplicate parameters is never seen whole by the rules. This leads to the bypass of the ModSecurity Core Rules.
