This vulnerability allows an attacker to change the configuration of the site by sending a malicious request to the server. The proof of concept code provided in the text shows an example of a malicious request that can be sent to the server to change the configuration of the website.
A buffer overflow is triggered when a long LIST command is sent to the server and the user views the Log tab.
A buffer overflow vulnerability exists in Hanso Player version 2.1.0. An attacker can exploit this vulnerability by creating a malicious M3U file containing a large amount of junk data and sending it to the target user. When the target user opens the malicious file, the buffer overflow will occur, allowing the attacker to execute arbitrary code on the target system.
Archer.c is a privilege escalation exploit for Linux systems. It works reliably against 3.3-3.7 kernels on the x86-64 architecture. The exploit uses a technique called return-oriented programming (ROP) to bypass non-executable memory protections. It uses the mmap() system call to map a page of memory with read, write, and execute permissions. It then copies a function called patch_current() to the mapped page and uses a loop to overwrite the uid and gid values in the current process. Finally, it calls setuid() to gain root privileges.
A SQL injection vulnerability exists in the WordPress plugin Comment Rating, due to the lack of input validation of the HTTP_X_FORWARDED_FOR header. An attacker can inject malicious SQL code in the header, which can be used to execute arbitrary SQL commands on the underlying database.
User input passed through the 'highlight' parameter is not properly sanitized before being used in an unserialize() call at line 58. This can be exploited to inject arbitrary PHP objects into the application scope. Successful exploitation of this vulnerability doesn't require authentication, but requires the 'System Highlight' plugin to be enabled (as it is in the default configuration).
This module exploits a file upload vulnerability found in PlarPear CMS. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
This module exploits a file upload vulnerability in Glossword versions 1.8.8 to 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.
This module exploits a vulnerability in Kordil EDMS v2.2.60rc3. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the '/kordil_edms/userpictures/' directory.
The MTP Poll script suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.