Multiple input validation vulnerabilities in phpBugTracker allow remote attackers to execute arbitrary SQL commands via the (1) bugid parameter in bug.php, or execute arbitrary script code via the (2) op parameter in bug.php or (3) op parameter in user.php.
phpBugTracker is prone to multiple input validation vulnerabilities, including SQL injection, cross-site scripting, and HTML injection. These vulnerabilities are a result of the application failing to properly sanitize user-supplied input. The SQL injection vulnerabilities can allow remote attackers to manipulate query logic, potentially leading to unauthorized access to sensitive information or database corruption. The cross-site scripting and HTML injection vulnerabilities can allow attackers to execute arbitrary script code in the browser of unsuspecting users, potentially stealing authentication credentials and other sensitive information.
A remote attacker can exploit a vulnerability in Microsoft Outlook and Outlook Express by sending a malicious email containing a NULL character in the message body. This can cause the GUI to stop responding, resulting in a denial of service condition for users.
Zaep AntiSpam is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
The exploit creates a lock file for each user in the /var/mail directory and sets its permissions to 0. This prevents mailx from working for all users except those who can erase the lockfile. However, even for those users, mailx will hang for a long time.
This exploit is to prove that the bug in sendmail 8.12.8 and below is vulnerable. On successful POC exploitation, the program should crash with a segmentation fault.
The Neon client library is prone to multiple remote format string vulnerabilities. This is due to a failure of the application to properly implement format string functions. An attacker can exploit these vulnerabilities to execute arbitrary code on the affected system, in the security context of the server process.
The PHP-Nuke application is vulnerable to multiple SQL injection vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user input. An attacker can exploit these vulnerabilities to modify database queries and potentially gain unauthorized access to sensitive information. Two specific examples of the exploits are provided in the report.
This exploit targets a vulnerability in Inmatrix Ltd. Zoom Player v8.5. By crafting a malicious JPEG file, an attacker can trigger a memory corruption issue and execute arbitrary code on the targeted system.
PHP-NuKe is vulnerable to a remote cross-site scripting (XSS) vulnerability. The vulnerability is caused by the 'cookiedecode()' function failing to properly sanitize user-supplied cookie parameters. This allows a remote attacker to create a malicious link that includes hostile HTML and script code. If a victim user follows this link, the hostile code may be rendered in their web browser, potentially leading to the theft of cookie-based authentication credentials or other attacks.