Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
The vulnerability allows attackers to bypass security applications by exploiting the multiple differing algorithms used by the operating system to resolve file paths. Attackers can use this weakness to bypass security software such as antivirus and antispyware products, and potentially execute other attacks.
A vulnerability has been identified within WinZip that allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The flaw exists within the 'FileView' ActiveX control, which contains stack-based overflow conditions. This exploit generates a malicious HTML page and contains shellcode embedded within an image file. Due to the random nature of the heap, this exploit uses a hard-coded location of the image bytes within the heap and as such is unreliable in exploitation of this bug, but has an approximately 1 in 6 hit ratio within the tested environment.
Multiple Cisco products are susceptible to a content-filtering bypass vulnerability. This issue allows users to bypass content-filtering and access forbidden websites.
The vulnerability allows remote attackers to execute arbitrary code on the affected system.
This module exploits a remote code execution vulnerability in the pickle handling of the rendering code in the Graphite Web project between versions 0.9.5 and 0.9.10 (both included).
The exploit takes advantage of a buffer overflow vulnerability in freeFTPd 1.0.10. It allows an attacker to execute arbitrary code by sending a specially crafted payload to the server. The exploit uses an egghunter technique to find and execute the shellcode. The shellcode spawns a cmd.exe shell. The exploit has been tested on Windows XP SP3.
GCM16 (v.1.18.0.22011) and older versions of this KVM switch contain a flaw that allows a remote authenticated user to execute unauthorized commands as root. This flaw exists because webapp variables are not sanitized. In this case, the parameters $count and $size from ping.php make it possible to create a specially crafted URL that injects text into an exec() call, so that arbitrary commands can be executed on the KVM's embedded Linux.
This code contains a buffer overflow vulnerability. The shellcode is stored in the 'shellcode' variable and is executed when the vulnerable function is called. The vulnerability can be exploited by sending a specially crafted input to the vulnerable function, causing it to overwrite memory beyond the buffer boundaries. This can lead to arbitrary code execution.
SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary PHP commands in the context of the webserver process. This may help attackers compromise the underlying system; other attacks are also possible.