Explore all Exploits:

Joomla Discussions Component (com_discussions) SQL Injection Vulnerability

The Joomla Discussions Component (com_discussions) contains a SQL injection vulnerability in the 'thread' URL parameter. An attacker can inject malicious SQL code through this parameter to gain access to the database and extract sensitive information such as usernames and passwords.

McAfee SaaS MyCioScan ShowReport Remote Command Execution

This module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport() function (located in the myCIOScn.dll ActiveX component) fails to check the FileName argument and passes it on to a ShellExecuteW() function, which allows an attacker to execute any process that is on the local system. However, if the victim machine is connected to a remote share (or something similar), then it is also possible to execute arbitrary code. Please note that a custom template is required for the payload, because the default Metasploit template is detectable by McAfee -- any Windows binary, such as calc.exe or notepad.exe, should bypass McAfee fine.

PHPDomainRegister v0.4a-RC2-dev => [SQL Auth][SQL Inject][XSS]

PHPDomainRegister v0.4a-RC2-dev contains a vulnerability in the class_AjaxLogin.php file, line 73, where the function is_login() includes the config.php file, line 2, and sets the username session variable, line 4, with the value of the POST username parameter, line 3. This allows an attacker to bypass authentication by setting the username parameter to ' or 1=1 #. Additionally, the index.php file, line 617, contains a SQL injection vulnerability, where the value of the GET pid parameter is used in a SQL query, line 1, without being sanitized. This allows an attacker to inject arbitrary SQL code into the query.

Cloupia End-to-end FlexPod Management – Directory Traversal Vulnerability

Cloupia End-to-end FlexPod Management is vulnerable to a directory traversal attack due to a flaw in the jQuery File Tree Java-Server-Page file. This vulnerability allows an unauthenticated attacker to traverse the file system of the host server, beyond the realm of the web service itself.

MS12-005 : Microsoft Windows Assembly Execution Vulnerability

This vulnerability allows an attacker to execute arbitrary assembly code on a vulnerable Windows system. By opening a malicious document file, an attacker can execute a Python script which will execute arbitrary assembly code. This vulnerability affects Windows 7 32-bit systems that are fully patched until Jan 2012.

PoC: phpMyAdmin Local File Inclusion via XXE Injection

Importing a specially crafted XML file that contains an XML entity injection makes it possible to retrieve a local file (limited by the privileges of the user running the web server). The attacker must be logged in to MySQL via phpMyAdmin. Works on Windows and Linux, versions 3.3.X and 3.4.X.

Recent Exploits: