This exploit targets a vulnerability in the ZwQuerySystemInformation function in Windows. It allows an attacker to escalate their privileges on the affected system.
A vulnerability has been reported that may potentially permit HTML documents to gain unauthorized access to local resources by using specific syntax when referencing said resource as a value for the CODEBASE object property. Under certain conditions, this could be exploited to reference executable content on the victim system. In particular, by prepending two backslash characters (\\) to the resource path, it may be possible to invoke the resource. This syntax is reportedly still valid despite patches to limit other means of allowing remote users to reference local content on client systems. This works only if the resource is invoked from the Local Zone, so other vulnerabilities are required to bypass Zone restrictions and cause malicious content to be executed in the Local Zone. BIDs 9658, 9320, 9105, and 9107 could all theoretically be exploited in combination with this issue, potentially allowing for execution of arbitrary code on the client system if properly exploited. Attacks that exploit this issue in tandem with other vulnerabilities may be executed through Internet Explorer or HTML email via Outlook/Outlook Express. Note: This BID initially included a proof-of-concept, published by Roozbeh Afrasiabi, that caused a .CHM file to be referenced from the Internet Zone. Further research has determined that this is a new, distinct vulnerability, and BID 10348 has been created to describe this issue.
A vulnerability has been identified in multiple products from multiple vendors that may allow a remote attacker to create or modify arbitrary files; these issues relate to the processing of URI requests via various protocol handlers including telnet, rlogin, ssh and mailto. The vulnerability presents itself because applications fail to validate URI input; if a '-' character precedes the host name it is possible to pass options to an application that handles the protocol. Successful exploitation of this issue may allow a remote attacker to create or modify arbitrary files, resulting in a denial of service condition in the browser. The attack would occur in the context of the user running the vulnerable browser.
The built-in DHCP server on Linksys devices is prone to an information disclosure vulnerability. The DHCP server does not handle BOOTP packets properly, allowing an attacker to disclose the contents of the device's memory. This vulnerability can be exploited to watch traffic on the affected device and potentially crash the device, denying service to legitimate users.
The vulnerability allows a remote attacker to verify the validity of a recipient's e-mail address, potentially leading to an increase in junk e-mail.
The vulnerability allows a local attacker to gain root privileges on a vulnerable system by exploiting insufficient access validation in Systrace on NetBSD and the FreeBSD port by Vladimir Kotal. The attacker can use a specially crafted payload to restore privileges and execute arbitrary code.
Internet Explorer is affected by an XML parsing denial of service vulnerability. The vulnerability occurs due to a failure of the application to properly handle malformed XML tags. An attacker can exploit this vulnerability to crash a vulnerable web browser.
A vulnerability in Open WebMail allows a remote attacker to execute arbitrary commands on a vulnerable host. The issue is caused by insufficient sanitization of shell metacharacters passed through URI parameters. By exploiting this vulnerability, a non-privileged user can remotely execute arbitrary commands in the context of the web server hosting the vulnerable application.
Squid proxy is affected by an Internet access control bypass vulnerability. The issue arises due to the failure of the application to handle access controls properly when evaluating malformed URI requests. This vulnerability allows users who are restricted from accessing Internet-based resources to access arbitrary websites.
The Tutorials Manager application is affected by multiple SQL injection vulnerabilities due to a failure to properly sanitize user-supplied input. These vulnerabilities allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. In addition, SQL injection attacks may be used to exploit latent vulnerabilities in the underlying database implementation.