Explore all Exploits:

Unprivileged attackers can track your system-wide mouse movements from any IE page

A security vulnerability in Internet Explorer, versions 6–10, allows your mouse cursor to be tracked anywhere on the screen, even if the Internet Explorer window is inactive, unfocused or minimised. The vulnerability is notable because it compromises the security of virtual keyboards and virtual keypads. An attacker can get access to your mouse movements simply by buying a display ad slot on any webpage you visit. This is not restricted to lowbrow porn and file-sharing sites. Through today’s ad exchanges, any site from YouTube to the New York Times is a possible attack vector. Internet Explorer’s event model populates the global Event object with some attributes relating to mouse events, even in situations where it should not. Combined with the ability to trigger events manually using the fireEvent() method, this allows JavaScript in any webpage (or in any iframe within any webpage) to poll for the position of the mouse cursor anywhere on the screen and at any time—even when the tab containing the page is not active, or when the Internet Explorer window is unfocused or minimized.

HP Data Protector DtbClsLogin Buffer Overflow

This module exploits a stack buffer overflow in HP Data Protector 4.0 SP1. The overflow occurs during the login process, in the DtbClsLogin function provided by the dpwindtb.dll component, where Utf8Cpy (a strcpy-like function) is used insecurely on the username. Successful exploitation leads to code execution with the privileges of the 'dpwinsdr.exe' (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.

CSRF vulnerability

This exploit is a proof-of-concept (POC) for a CSRF vulnerability in PHP Nuke 8.2.4. The exploit uses a malicious HTML page to submit a form to the vulnerable application, which adds a new group with the name “testing” and description “testing for CSRF”. The form is submitted using a JavaScript script.

IrfanView 4.33 XCF File Buffer Overflow

A buffer overflow vulnerability exists in IrfanView 4.33 when processing XCF files. An attacker can exploit this vulnerability to execute arbitrary code by supplying a specially crafted XCF file. The vulnerability is caused by a boundary error when processing the 0x004ABABC value in the simple.xcf file, which can result in a stack-based buffer overflow. This can be exploited to execute arbitrary code by overwriting the EIP register with a pointer to the shellcode. The vulnerability has been tested on Windows XP SP3 and Windows 7 x64. It has been fixed in the current release, IrfanView 4.35.

MyBB Profile Blog plugin multiple vulnerabilities

The MyBB Profile Blogs plugin suffers from SQL Injection and Stored XSS. The vulnerabilities exist within profileblogs.php, which is located in the /plugins/ folder. For SQL Injection, the vulnerable part is the edit GET parameter in the profileblogs.php file. For Stored XSS, the post subject is stored in the database without XSS protection and is also output without XSS protection.

Joomla com_jooproperty SQL injection && Cross site scripting Vulnerability

JooProperty is a real estate component developed for Joomla 1.7 and 2.5 with complex integrated booking features, price calculation for different seasons and comment and rating functions. The component is based on com-property for Joomla 1.5 by Fabio Ueltzinger and offers the possibility to import the database of com-property V3 and V4 to migrate your realty website to Joomla 2.5. All property-relevant information like categories, locations, description, extras/amenities, season, price categories, prices and special fees can be translated. The vulnerable parameter is 'product_id', a GET query-string parameter. Attack patterns for SQL injection and Cross Site Scripting are provided in the text.

Bank v3 MyBB plugin SQLi 0day

The Bank v3 MyBB plugin is vulnerable to a SQL injection attack due to the variable '$mybb->input['id']' remaining unsanitized. An attacker can exploit this vulnerability by sending a malicious POST request to the bank.php page with the parameters 'r_pay' and 'r_username' containing a SQL injection payload. This will allow the attacker to execute arbitrary SQL queries on the vulnerable system.

DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution

A vulnerability in DIMIN Viewer 5.4.0 allows an attacker to execute arbitrary code by crafting a malicious GIF file. The vulnerability is due to a buffer overflow in the WriteAV function, which is triggered when the application processes a specially crafted GIF file. This can be exploited to execute arbitrary code by tricking a user into opening a malicious GIF file.

Improper Handling of Length Parameter Inconsistency in TVMOBiLi

The vulnerability exists due to improper handling of URI length within the "HttpUtils.dll" dynamic-link library. A remote attacker can send a specially crafted HTTP GET request of 161, 257 or 255 characters long to port 30888/TCP (TVMOBiLi's default server port) and cause a stack-based buffer overrun that will crash the tvMobiliService service.

Advisory ID: HTB23126

High-Tech Bridge Security Research Lab discovered two vulnerabilities in Achievo, which can be exploited to perform SQL injection and cross-site scripting (XSS) attacks. The first vulnerability is an SQL Injection vulnerability in the 'dispatch.php' script while handling the 'activityid' HTTP GET parameter. A remote authenticated attacker can inject and execute arbitrary SQL commands in the application's database. The second vulnerability is a Cross-Site Scripting (XSS) vulnerability in the 'include.php' script when handling the 'field' HTTP GET parameter. A remote attacker can execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.

Recent Exploits: