This module exploits a vulnerability found in Netwin SurgeFTP, version 23c8 or prior. In order to execute commands via the FTP service, a valid credential to the web-based administrative console is required.
This module exploits a vulnerability in the MAKETEXT Foswiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since the input is passed to the Perl 'eval' command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. Only Foswiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set) are vulnerable.
This module exploits a vulnerability in the MAKETEXT TWiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl 'eval' command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set).
The vulnerabilities exist due to insufficient sanitization of user-supplied data in the URI in the "update_whosonline_reg()" and "update_whosonline_guest()" functions within the "/includes/user_function.php" script. A remote attacker can send a specially crafted HTTP request to one of the following scripts and execute arbitrary SQL commands in the application's database: checkuser.php, groups.php, index.php, login.php, quicklogin.php, register.php, Search.php, viewboard.php, viewtopic.php. Successful exploitation of the vulnerabilities may allow an attacker to extract sensitive data from the application's database, and even get complete control over the application under certain conditions (such as insecure configuration of database and web servers).
The vulnerability exists due to improper handling of the HTTP CONNECTION header within the 'firefly.exe' binary file. A remote attacker can send a specially crafted packet to port 9999/TCP (FireFly's default server port) with an improper CONNECTION header value, leading to a NULL pointer dereference that causes the vulnerable server to crash immediately.
The vulnerability is caused by a boundary error in PluginManager.dll when handling the value assigned to the 'Path' item in the Admin_RemoveDirectory function. It can be exploited to cause a stack-based buffer overflow via an overly long string, which may lead to execution of arbitrary code on the affected machine.
The vulnerability is caused by a boundary error in PimData.dll when handling the value assigned to the 'OrgHeartBeat' item in the CheckCompatibility function. It can be exploited to cause a stack-based buffer overflow via an overly long string, which may lead to execution of arbitrary code on the affected machine.
The vulnerability is caused by a boundary error in PimData.dll when handling the value assigned to the 'File' item in the Load function. It can be exploited to cause a stack-based buffer overflow via an overly long string, which may lead to execution of arbitrary code on the affected machine.
The vulnerability is caused by a boundary error in WebServices.dll when handling the value assigned to the 'bstrFile' item in the DownloadURLToFile function. It can be exploited to cause a stack-based buffer overflow via an overly long string, which may lead to execution of arbitrary code on the affected machine.
The following data structure is defined in gdb-7.5.1/gdb/dwarf2read.c:

    struct line_header {
      ...
      unsigned int num_include_dirs, include_dirs_size;
      char **include_dirs;
      ...
      struct file_entry {
        char *name;
        unsigned int dir_index;
        unsigned int mod_time;
        unsigned int length;
        ...
      } *file_names;
    };

The problem occurs when trying to open a malformed ELF that contains a file_entry.dir_index > 0 while char **include_dirs points to NULL.