Explore Vulnerabilities

Explore all Exploits:

IBM Tivoli Storage Manager (TSM) Local Root

IBM TSM communicates with the suid root backup client dsmtca through pipes. The function GeneratePassword() does not perform boundary checking, which can lead to a classic stack-based buffer overflow, making local code execution possible. An attacker can achieve arbitrary code execution by placing shellcode in the LANG environment variable and then overwriting the return address of GeneratePassword() with the known address that the value is copied to.

XSRF/CSRF and Stored XSS

The CSRF vulnerability exists because the 'admin/libs/ADMIN.php' script fails to properly verify the source of an HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability. The stored XSS vulnerability exists because the 'action.php' script fails to properly sanitize user-supplied input in the 'body' variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.

HTB22729

The first vulnerability exists because the "bedita-app/controllers/modules/admin_controller.php" script fails to properly verify the source of an HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. A user can execute arbitrary JavaScript code within the vulnerable application. The second vulnerability exists because the "bedita-app/controllers/modules/news_controller.php" script fails to properly sanitize user-supplied input in the "data[label]" variable. Successful exploitation of this vulnerability could result in a compromise of the application, disclosure or modification of sensitive data, session hijacking, etc.

‘Pointter PHP Micro-Blogging Social Network’ Unauthorized Privilege Escalation (CVE-2010-4333)

A vulnerability exists in the 'Pointter PHP Micro-Blogging Social Network' authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.

‘Pointter PHP Content Management System’ Unauthorized Privilege Escalation (CVE-2010-4332)

A vulnerability exists in the 'Pointter PHP Content Management System' authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.

Digital Audio Editor 7.6.0.237 Local Crash PoC

This exploit is a proof of concept for a buffer overflow vulnerability in Digital Audio Editor 7.6.0.237. The vulnerability is triggered when a specially crafted .cda file is opened, causing the application to crash. The exploit code creates a file with 1000 A characters, which when opened in Digital Audio Editor 7.6.0.237, causes the application to crash.

MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability

MantisBT is a free, popular web-based bug-tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a webserver. MantisBT has been installed on Windows, Linux, Mac OS, OS/2, and others. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL). Mantis Bug Tracker suffers from a local file inclusion/disclosure (LFI/FD) vulnerability: input passed through the 'db_type' parameter (GET & POST) to the upgrade_unattended.php script is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL-encoded NULL bytes.

MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability

MantisBT is a free, popular web-based bug-tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a webserver. MantisBT has been installed on Windows, Linux, Mac OS, OS/2, and others. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL). Mantis Bug Tracker suffers from a cross-site scripting (XSS) and a path disclosure (PD) vulnerability. The XSS issue is triggered when input passed via the 'db_type' parameter to the admin/upgrade_unattended.php script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. The PD weakness is caused by the application displaying the full installation path in an error report when an invalid 'db_type' parameter is supplied to the admin/upgrade_unattended.php script.

Recent Exploits: