Vulnerabilities have been discovered in the index page of AneCMS v.2e2c583. The source code of index.php contains an include statement that allows an attacker to include arbitrary files from the local file system. The proof of concept (PoC) for this exploit is to send a crafted HTTP request with a parameter 'p' containing the path of the file to be included, such as 'http://localhost/acp/index.php?p=../../../../windows/system.ini%00' or 'http://localhost/acp/index.php?p=../../../../[localfile]%00'.
The vulnerability exists in the jokes/index.php file, where an attacker can inject malicious SQL code into the 'id' parameter. An example of this is jokes/index.php?action=show&id=9999999999999999999999999999+union+select+1,1,nick,pwd,1,1+from+dzp_users+where+id=1--+, which can be used to extract sensitive information from the database.
This module exploits a vulnerability found in Sysax's SSH service. By supplying a long username, the SSH server will copy that data on the stack without any proper bounds checking, therefore allowing remote code execution under the context of the user. Please note that previous versions (before 5.53) are also affected by this bug.
Multiple persistent input validation vulnerabilities are detected on Endians WAF UTM appliance application. The vulnerability allows an attacker to manipulate specific application requests via persistent input validation.
The login.php page has multiple SQL injection vulnerabilities. Both the 'username' and 'password' parameters are vulnerable to SQL Injection. The vulnerability exists via the POST method.
A specially crafted .zws file can cause a memory corruption in Passport PC To Host, a terminal emulation software by Zephyr Corporation. The file contains a header of '[Connection]Host=' followed by 150 'a' characters. When the file is opened, the memory corruption occurs.
A SQL injection vulnerability exists in the search_terms parameter of search.php in phxEventManager 2.0 beta 5. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of arbitrary data.
This module exploits a stack buffer overflow vulnerability in VideoLAN VLC < 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your victim into running. The .rt file is the actual malicious file that triggers the vulnerability, which should be placed under the same directory as the .mp4 file.
This module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2. When handling a .pls file, DJ Studio will copy the user-supplied data on the stack without any proper bounds checking done beforehand, therefore allowing code execution under the context of the user.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Client. The user must open a malformed Novell Abook file with the vulnerable client. The vulnerability is caused by a boundary error within the processing of Novell Abook files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted Novell Abook file.