Explore Vulnerabilities

Explore all Exploits:

iGeneric iG Shop Multiple SQL Injection Vulnerabilities

iGeneric iG Shop is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Directory Traversal Vulnerability in SD Server

SD Server is vulnerable to a directory traversal attack, which allows an attacker to gain access to potentially sensitive system files. This is possible due to the way SD Server handles certain types of requests. An example of such an attack is demonstrated in the URL provided, which attempts to access the SAM file in the Windows repair directory.

Internet Explorer Pop-up Window Title Bar Spoofing Weakness

Internet Explorer is reported prone to a pop-up window title bar spoofing weakness. The weakness is reported to exist due to a flaw that manifests in script-initiated pop-up windows. This issue may be leveraged by an attacker to display false URI information in the title bar of an Internet Explorer pop-up dialog window. This may facilitate phishing-style attacks; other attacks may also be possible.

Netscape Navigator Infinite JavaScript Array Sort Vulnerability

Netscape Navigator is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.

Network device drivers disclosure of potentially sensitive information

Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null (or other) bytes. Some device drivers fail to do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across Ethernet segments. Since the Ethernet frame buffer is allocated in kernel memory space, sensitive data may be leaked.

CubeCart <=3.0.6 Remote Command Execution Exploit

A serious bug was discovered in CubeCart 3.0.6 and below that allows an attacker to remotely execute arbitrary commands via 'includes/orderSuccess.inc.php'. By passing input to the 'glob' and 'cart_order_id' variables, an attacker can supply input to the 'glob[rootDir]' variable and include a remote script that executes arbitrary commands. As usual, this requires 'register_globals' to be enabled; otherwise a 403 error is shown.

k-rad3.c – linux 2.6.11 and below CPL 0 kernel local exploit v3

k-rad3.c is a local exploit for Linux 2.6.11 and below CPL 0 kernel. It was discovered and the original exploit coded in Jan 2005 by sd <sd@fucksheep.org>. It was modified in 2005/9 by alert7 <alert7@xfocus.org>. It can be compiled using gcc -o k-rad3 k-rad3.c -static -O2. It has been tested successfully on default installed RHEL4 (2.6.9-5.EL and 2.6.9-5.ELsmp) and default installed maglic linux 1.2. It can be used to get a root shell using shellcode.

Recent Exploits: