This vulnerability is an unprotected page on the site where you can view all current users and usernames. To find out whether a Kentico CMS installation is vulnerable, go to http://site.com/CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx, assuming that Kentico CMS was installed to the root folder on the server.
QNX setuid root /sbin/pppoectl allows any user to gain access to privileged information such as the root password hash. The vulnerability exists because of a failure to drop privileges or check the permissions and ownership on the file specified as the configuration file. If a user specifies a file such as /etc/shadow, pppoectl will display the first line of the shadow file in the error output.
Setuid root /usr/photon/bin/phfont on QNX is prone to a buffer overflow. The vulnerability is due to insufficient bounds checking of the PHOTON_HOME environment variable. This is a return-to-libc exploit that yields euid=0. The addresses of system() and exit() are retrieved from libc using dlsym(). During execution of the exploit the argument of system() will be set to sh, and PATH will be set to /tmp. Once /tmp/sh has been executed, the exploit will launch the setuid /tmp/shell, yielding the user euid=0.
Setuid root /usr/photon/bin/io-graphics on QNX is prone to a buffer overflow. The vulnerability is due to insufficient bounds checking of the PHOTON2_HOME environment variable. This is a return-to-libc exploit that yields euid=0. The addresses of system() and exit() are retrieved from libc using dlsym(). The address of /bin/sh is retrieved by searching from address 0xb0300000.
This exploit creates a fake arrival-script which will be executed as root by passing it to the -A parameter of /sbin/ifwatchd. The fake arrival-script copies /bin/sh to /tmp/shell and makes it setuid root. Once the setuid shell is in place ifwatchd will be killed to drop the user into the root shell.
KMPlayer 3.8.0.117 is vulnerable to a buffer overflow. The vulnerability is triggered when a specially crafted playlist is opened in the KMPlayer Playlist Editor. This causes a stack-based buffer overflow, which allows an attacker to execute arbitrary code. The exploit code contains 250 bytes of junk data followed by a return address pointing to the JMP ESP instruction in kernel32.dll. The exploit code also contains shellcode that executes calc.exe.
ClipsharePro, a paid YouTube clone script, suffers from a local file inclusion vulnerability through which an attacker can include an arbitrary file in the web app. The vulnerability can be exploited by sending a request to ubr_link_upload.php with the config_file parameter set to the path of the file to be included. For successful exploitation, the $MULTI_CONFIGS_ENABLED value should be set to 1 in the config file.
Ajax File/Image Manager is a tool to manage files and images remotely. Without extra configuration, it's possible to list files from another directory. The vulnerability is related to the 'search' function. In the 'search_folder' parameter, escape with ../ or ..%2f
The vulnerability exists due to insufficient sanitisation of user-supplied data in the 'text' HTTP POST parameter passed to the '/index.php/guestbook/index/newentry' URL. A remote unauthenticated user can send a specially crafted HTTP POST request, which allows them to permanently inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website when the victim visits the 'http://[host]/index.php/guestbook/index/index' URL.
The vulnerability exists due to insufficient validation of the "add_value" HTTP GET parameter in the "/ajax_udf.php" script. A remote unauthenticated attacker can execute arbitrary SQL commands in the application's database. The vulnerability exists due to insufficient validation of the allowed action in the "/signup.php" script when updating a user's profile. A remote authenticated attacker can assign administrative privileges to the current account and gain complete control over the application.