JDownloader WebInterface is vulnerable to a source code disclosure exploit due to not properly sanitizing user input.
A SQL injection vulnerability exists in the Joomla! JE Ajax Event Calender Component. The vulnerability is due to insufficient sanitization of user-supplied input in the 'event_id' parameter of the 'index.php' script. An attacker can exploit it by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script, gaining access to the database and extracting sensitive information.
A design flaw in the Windows Kernel API can lead to privilege escalation. After running the PoC, typing “whoami” in a command prompt will show the escalated user credentials. All actions this PoC performs require only user privilege, but result in arbitrary kernel mode code execution due to the ambiguous design of RtlQueryRegistryValues. This design flaw exists in most versions of Windows kernels, yet no patch or documentation is publicly available on this issue.
A vulnerability exists in the 'Free Simple Software' download module which allows for a 'UNION SELECT' to easily expose the application administrator's plaintext password.
A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling portions of SQL code between the affected parameters, successful SQL injection into the software can occur. In the testing done, various 'UNION SELECT' SQL injections can occur.
phpvidz does not use a SQL database. Instead, it uses a system of flat files to maintain application state. The administrative password is stored within the following file, which is included at runtime. Because this file has a .inc extension, it is viewable by the attacker. To exploit this issue, visit this URL: http://localhost/phpvidz_0.9.5/includes/init.inc By default, the password is the following constant: define ('ADMINPASSWORD' , '0000' ); This password can be used to log in here (a username is not required): http://localhost/phpvidz_0.9.5/admin.php
By default, the vulnerable application can be accessed at http://127.0.0.1/. An attacker can exploit this vulnerability by accessing the URL http://127.0.0.1/phpmotion/fckeditor/editor/filemanager/connectors/test.html, which will allow them to upload a file to the server. The uploaded file can then be accessed at http://127.0.0.1/userfiles/name of file.
ImageShack Toolbar 4.8.3.75 is vulnerable to a remote code execution exploit. The exploit involves setting two vulnerable variables to some integer, which is then stored (in hex) directly in ECX. The attacker then sprays the heap and puts something useful in ECX. This exploit is not marked safe for scripting, so the impact of this issue is small.
Xion Audio Player 1.0.126 is vulnerable to a buffer overflow when a specially crafted .m3u8 file is opened. The vulnerability is caused by a boundary error when copying user-supplied data into a fixed-length buffer. This can be exploited to cause a stack-based buffer overflow, for example by tricking a user into opening a specially crafted .m3u8 file.
A vulnerability in Acidcat CMS v 3.3 (fckeditor) allows an attacker to upload a malicious ASP shell by renaming it to .asp;.jpg. The shell can be uploaded to the server via the 'fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/asp/connector.asp' URL. The shell can be uploaded to the 'read_write/file/' or 'public/File/' directories.