This module exploits a vulnerability found in KingView <= 6.55. It exists in the KingMess.exe application when handling log files, due to the insecure usage of sprintf. This module uses a malformed .kvl file which must be opened by the victim via the KingMess.exe application, through the 'Browse Log Files' option. The module has been tested successfully on KingView 6.52 and KingView 6.53 Free Trial over Windows XP SP3.
This exploit affects the Mitsubishi MX Component v3 ActiveX control, specifically the ActUWzd.dll file with version 1.0.0.1. It is known to be present in CitectScada 7.10r1 and CitectFacilities 7.10. Other vendors may also ship/support this component. Any control in this library with type 'String' is vulnerable.
This exploit allows an attacker to perform SQL Injection on vBulletin version 5.0.0 Beta 11 - 5.0.0 Beta 28. By exploiting this vulnerability, an attacker can gain unauthorized access to the target system's database.
This module exploits a stack-based buffer overflow in Sami FTP Server 2.0.1. The vulnerability exists in the processing of LIST commands. In order to trigger the vulnerability, the "Log" tab must be viewed in the Sami FTP Server managing application on the target machine. In addition, the source IP address used to connect to the FTP server is needed; if the user cannot provide it, the module will try to resolve it. This module has been tested successfully on Sami FTP Server 2.0.1 over Windows XP SP3.
The 'order' and 'orderby' parameters in the IndiaNIC FAQ 1.0 Plugin for WordPress are vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'order' or 'orderby' parameter.
The IndiaNIC FAQ Settings Page is vulnerable to CSRF. The Ask Question area (front-end) is vulnerable to XSS: it is possible to insert <script>alert(1)</script> in the question parameter. The Captcha value can be read from the captcha parameter (hidden field).
NapShare is susceptible to a remote buffer overflow vulnerability due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed-size memory buffer. Attackers running malicious Gnutella servers can exploit this vulnerability to execute arbitrary code in the context of the vulnerable application. Version 1.2 of NapShare is reported susceptible.
PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The vulnerabilities include a heap-based buffer overflow in the 'pack()' function, a heap-based memory disclosure in the 'unpack()' function, an access control bypass in 'safe_mode_exec_dir', an access control bypass in 'safe_mode', a 'realpath()' path truncation vulnerability, and a memory corruption vulnerability in the 'unserialize()' function.
A remote, client-side buffer overflow vulnerability affects MPlayer. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.