The Remote Desktop Protocol is used by 'Terminal Services / Remote Desktop Services' and is handled at kernel level on port 3389. There is a use-after-free vulnerability in the handling of the maxChannelIds field of the T.125 ConnectMCSPDU packet (offset 0x2c of the provided proof-of-concept) when it is set to a value less than or equal to 5. The problem occurs during the disconnection of the user, started by RDPWD!NM_Disconnect, while the effect of the possible code execution becomes visible in termdd!IcaBufferAlloc (or termdd!IcaBufferAllocEx on Windows 7/2008) after termdd!IcaGetPreviousSdLink returns an invalid memory pointer, i.e. a pointer to a freed memory area.
Epson EventManager is a program started at boot that listens on port 2968 ('Network Scan' is enabled by default); it allows automating some actions of Epson scanners (like the scan&save button) through the PushScan protocol. The "secure" strncpy function that copies the 'x-protocol-version' string into a 7-byte buffer can be forced to (auto)terminate the program if the string is longer than that size and starts with '1.'.
Buffer overflow on port 2502 while copying the message string into a small heap buffer. The overflow occurs when the length of the message string is greater than 0x3f8 bytes.
The bug is located in the smarty_ajax plugin, which is included in this script and in other scripts as well. Demo: HTML Injection + Cross-Site Scripting (for the XSS you must use Internet Explorer or Mozilla Firefox) and Local File Inclusion.
Encaps PHP Gallery is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The vulnerable parameter is 'item_id', which is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. An attacker can use this vulnerability to bypass authentication and to access, modify and delete data in the back-end database.
The web interface of this router is affected by multiple CSRF vulnerabilities which allow changing router parameters, among other things the wireless passphrase.
Maxs Guestbook is vulnerable to Local File Inclusion (LFI), Persistent Cross-Site Scripting (XSS) and File Path Disclosure (FPD). An attacker can exploit the LFI vulnerability by sending a crafted HTTP request containing a maliciously crafted URL with a directory traversal sequence (../../../../../../../../../../../../../../../../etc/passwd%00). The Persistent XSS vulnerability can be exploited by sending a crafted HTTP request containing a maliciously crafted payload in the 'Name' field (e.g. <script>alert('hello')</script>). The FPD vulnerability can be exploited by sending a crafted HTTP request containing a maliciously crafted URL with an array parameter (e.g. page[]=2).
The vulnerability is a Local File Inclusion (LFI) which allows an attacker to read arbitrary files on the server. The vulnerable parameter is 'old', which can be exploited by appending '../' sequences to the URL. The application is also vulnerable to Persistent XSS, which can be exploited by entering a malicious payload in the 'Homepage' field. Lastly, the application is vulnerable to Forced Path Disclosure (FPD), which can be exploited by manipulating the 'aantal' parameter of the comment.php page.
Modx 2.2.0 is vulnerable to Local File Inclusion and Full Path Disclosure. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The filter added in 2.2.0pl2 can be bypassed by appending a null byte (%00) to the end of the URL. This vulnerability can be used to gain access to sensitive information and to execute malicious code on the vulnerable server.
A CSRF vulnerability exists in 4images - Image Gallery Management System version 1.7.7, which allows an attacker to change the mail address of a user or admin by sending a malicious link. The malicious page contains a form with hidden fields holding the new mail address. When the victim visits the malicious link, the form is automatically submitted and the mail address is changed.