Explore Vulnerabilities

Explore all Exploits:

Csound hetro File Handling Stack Buffer Overflow

This module exploits a buffer overflow in Csound before 5.16.6. The overflow occurs when importing a malicious hetro file from tabular format. For exploitation to succeed, the user must import the malicious file through csound with a command like 'csound -U het_import msf.csd file.het'. The exploit does not work if the 'het_import' command is used directly to convert the file.

TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow

This module exploits a vulnerability found in the ActiveX control of the TRENDnet SecurView Internet Camera. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition: WideCharToMultiByte (which converts unicode back to) overwrites more of the stack than it should, which results in arbitrary code execution in the context of the user.

GENU CMS SQL Injection Vulnerability

GENU CMS is vulnerable to SQL injection due to improper sanitization of user-supplied input in the 'article_id' parameter of the 'read.php' script. An attacker can exploit this vulnerability to gain access to the application's database, including sensitive information such as usernames and passwords.

Sony Bravia Remote Denial of Service

Playing with my TV, I found a bug that can crash the device. Running an hping command against a Sony Bravia TV (KDL-32CX525), all the functions stop working instantly. You cannot change the volume, channels or access any function. Instantly. After 35 seconds the TV stops working and comes back. This happens 3 times. The fourth time, the TV shuts down. In less than 3 minutes, the TV is off remotely. It is necessary to turn on the TV physically.

Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite

The Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) contains a vulnerability in the SaveMiniLaunchFile() method that allows a remote attacker to create or overwrite arbitrary files on the vulnerable system. The vulnerability is due to the lack of proper input validation when handling the file path argument of the SaveMiniLaunchFile() method. An attacker can exploit it by crafting a malicious HTML page containing specially crafted JavaScript code that calls the SaveMiniLaunchFile() method with a malicious file path argument.

Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite

This vulnerability allows an attacker to create or overwrite a file on the vulnerable system. The vulnerability exists due to an ActiveX control (QExplain2.dll 6.6.1.1115) included with Quest Toad for Oracle that fails to properly validate user-supplied input. An attacker can exploit this vulnerability by convincing a user to open a malicious HTML page that contains a malicious script. This script can then be used to create or overwrite a file on the vulnerable system.

Recent Exploits: