This exploit allows an attacker to execute arbitrary commands on a vulnerable WebAPP v0.9.9.2.1 installation. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'cmd' parameter in the 'apage.cgi' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious commands to the vulnerable server. Successful exploitation of this vulnerability can result in arbitrary code execution on the vulnerable server.
This exploit use vulnerability found into Fusion SBX and create new variable and call it with a malicious function (stored in config.php). This exploit utilize injection of three diverse procedures for execution of arbitrary code on vulnerable machine with httpd privileges.
This exploit uses the '%s' format bug exploitation to look for a string in memory. It then removes 0xfdc + len (-HOSTNAME: anonymous/pad) to the found pointer. This substracted value is kept as the distance (-d). Result is the return address position (-w). This code substracts 8 to this address (sparc ret behaviour). The 102th %p pointer on stack is used to find the string. Adding 0x870 to this value, the string is found.
It has been reported that Invision Gallery may be prone to multiple sql injection vulnerabilities, allowing an attacker to influence SQL query logic. The issues exist due to insufficient sanitization of user-supplied data via the 'img', 'cat', 'sort_key', 'order_key', 'user' and 'album' parameters of the gallery module accessed via the 'index.php' script.
A vulnerability has been reported to exist in the software that may allow a remote user to inject malicious SQL syntax into database queries. The problem reportedly exists in one of the parameters of the search.php script. This issue is caused by insufficient sanitization of user-supplied data. A remote attacker may exploit this issue to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access.
It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input. There is an information disclosure issue with the 'displaycategory.php' script. There is a remote file inclusion vulnerability in the 'displaycategory.php' script. A cross-site scripting vulnerability in the 'nmimage.php' script has also been reported. Finally an SQL injection vulnerability has been reported. This issue may be leveraged through the 'modules.php' script of phpNuke while requesting the 'index' file of the 4nAlbum module.
The IP3 NetAccess Appliance is reported prone to a remote SQL-injection vulnerability. This issue is due to the application's failure to properly sanitize user input. This issue may allow an attacker to gain full control of the appliance through the network-administration interface. The attacker may also be able to influence database queries to view or modify sensitive information, potentially compromising the system or the database.
This exploit is a buffer overflow in the syslog() function. It is triggered when a large string is passed to the syslog() function, which causes a stack overflow. The exploit is written in C and is designed to crash the system.
An issue in the handling of specific web requests by SureCom network devices has been identified. By placing a malformed request to the web configuration interface, it is possible for an attacker to deny service to legitimate users of a vulnerable device.
It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the root user. A local attacker could exploit this issue by forcing the creation of sensitive system files that already exist. When the application formats the specified files, the target system file will be overwritten, destroying sensitive system data. Since the files that are given permissions 0666 and owned by root, the attacker may alter overwritten system configuration files, allowing for a escalation of privileges.
Services By CQR