Easy LAN Folder Share Version 3.2.0.100 is vulnerable to a buffer overflow. After creating a txt file, the user can copy the AAA... string to the clipboard and then paste it into the 'Register -> Activate License -> Registration Code' section. Typing any character in the User Name text field will trigger the vulnerability.
LibrettoCMS provides a file upload function to unauthenticated users. It allows writing, reading, editing, deleting and downloading arbitrary uploaded files, so an attacker may write, read, edit or delete arbitrary files and folders. LibrettoCMS uses pgrfilemanager and restricts uploads to doc and pdf file types, but a file can be renamed after upload, which lets an attacker rename *.doc to *.php and execute an arbitrary PHP shell on the web server.
A vulnerability has been found in these devices: CVE-2013-3543, Exposed Unsafe ActiveX Method (CWE-618). The vulnerability affects the latest version of the software (6.2.10.11, which was released on October 19, 2012). On the vendor's website, you can see that “AXIS Media Control is the recommended method for viewing video images in Microsoft Internet Explorer.” The vulnerability can be exploited by a remote malicious person to overwrite arbitrary files with garbage data on a vulnerable system. It exists because the ActiveX control includes the insecure "StartRecord()", "SaveCurrentImage()" and "StartRecordMedia()" methods in the "AxisMediaControlEmb.dll" DLL. This can be exploited to corrupt or create arbitrary files in the context of the current user.
The Ubiquiti airCam RTSP service 'ubnt-streamer' has a buffer overflow when parsing the URI of an RTSP request message. This bug allows remote attackers to execute arbitrary code via an RTSP request message.
This software suffers from validation errors throughout the basic protocol implementation, making it possible to cause overflows, type mismatches and so on. Here is a type mismatch crash: echo "<pwn>pwn"|nc -u 192.168.200.20 514
Php-Agenda 2.2.8 and lower versions contain a flaw that allows an authenticated user to carry out an iSQL (SQL injection) attack. This flaw exists because the application does not properly sanitize parameters (it relies only on the mysql_real_escape_string() function) in the edit_event.php file. This allows an attacker to create a specially crafted URL to dump multiple pieces of information from the database content. A valid account is required.
This module abuses the java.sql.DriverManager class, where the toString() method is called over user-supplied classes from a doPrivileged block. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE through a specially crafted JNLP file. This bypass applies mainly to IE, where Java Web Start can be launched automatically through the ActiveX control. Otherwise the applet is launched without the click-to-play bypass.
This module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX component, specifically PDF_IN_1.ocx. When a long string of data is given to the ConnectToSynactis function, which is meant to be used for the ldCmdLine argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry class pointer saved on the stack, and results in arbitrary code execution under the context of the user.
A bug discovered in Sami FTP Server allows an attacker to cause a Denial of Service using a specially crafted request.
An attacker might execute arbitrary SQL commands on the database server with this vulnerability. User-tainted data is used when creating the database query that will be executed on the database management system (DBMS). An attacker can inject their own SQL syntax and thus initiate reading, inserting or deleting database records.