411CC e-Commerce is vulnerable to SQL injection attacks when a malicious user supplies a single quote (') character as part of a query string parameter. This can be exploited to execute arbitrary SQL commands in the back-end database. The vulnerable parameters are 'cat' in the 'home.php' script and 'productid' in the 'product.php' script.
The dynamic linker (or dynamic loader) is responsible for the runtime linking of dynamically linked programs. ld.so operates in two security modes: a permissive mode that allows a high degree of control over the load operation, and a secure mode (libc_enable_secure) intended to prevent users from interfering with the loading of privileged executables. $ORIGIN is an ELF substitution sequence representing the location of the executable being loaded in the filesystem hierarchy. The intention is to allow executables to specify a search path for libraries that is relative to their location, to simplify packaging without spamming the standard search paths with single-use libraries. Despite the confusing naming convention, $ORIGIN is specified in a DT_RPATH or DT_RUNPATH dynamic tag inside the executable itself, not via the environment. The ELF specification suggests that $ORIGIN be ignored for SUID and SGID binaries; however, the GNU C library dynamic linker does not enforce this restriction, allowing $ORIGIN to be used in setuid programs.
This exploit causes a denial of service in Opera 10.63 and previous versions. The exploit code consists of an SVG element with an <animation> tag, which causes Opera to crash.
Kisisel Radyo Script is vulnerable to SQL Injection and Remote Database Disclosure. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The request contains a crafted SQL query which can be used to extract sensitive information from the database. The Remote Database Disclosure exploit can be used to extract the database name from the vulnerable server.
Tastydir is a cross-platform PHP file management system which allows you to not only replace your traditional FTP client but also allow your users to view directories in a much more aesthetically pleasing way. Tastydir has the option to remotely create folders on your server, but it doesn't check whether the user is logged in, so an attacker can easily create folders on the server and access them. An attacker can list all the files in a folder, and can see the permissions for each file and its size. When a user logs in, a cookie named tastydir_auth is created; its data section contains the administrator's password hashed twice with sha1. Under certain conditions (by disclosing the hashed password from _tastydir/settings.php), an attacker can forge a cookie to imitate an authentic login, without having to crack the password, by hashing the hashed password using the sha1 algorithm and inserting it into the cookie. Tastydir has the option to remotely chmod files on your server, but it doesn't check whether the user is logged in, so an attacker can easily chmod the files on the server.
Browser Injection for handling() by Javascript-SQLi Codes. Do not rush to primarily target the site, please register:) javascript:document.cookie="loggedon=[VictimNICK];path=/"; javascript:document.cookie="level=admin;path=/";
DHostCon.exe is prone to a local denial of service caused by a stack overflow that is triggered if user-supplied parameters are too long (1074 bytes). Due to the nature of this vulnerability, attackers could exploit this issue to execute arbitrary code on the local host.
This exploit allows an attacker to download the database of a vulnerable PHP Hosting Directory 2.0 website. The attacker needs to provide the URL of the vulnerable website and the date of the backup file they want to download. The exploit then downloads the backup file to the local system.
Microsoft Windows is prone to a memory corruption vulnerability when instantiating the 'HtmlDlgHelper Class Object' in a Microsoft Office document (i.e. .XLS, .DOC). The affected vulnerable module is part of Internet Explorer ('mshtmled.dll'). This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.
The solid.exe service listening on port 1315 can be crashed by an external attacker through a malformed type of packet. The bugged function is located at address 0063dc60 and is called recursively if the packet contains a particular value in the range 15001 to 15100 (switch 9). The effects of the problem can be: stack exhaustion, by using over 14000 of these values so that all the memory of the stack gets consumed by these recursive calls; a NULL pointer, due to the usage of only one of these values, where an unused pointer (set to zero) is used in a comparison operation; and invalid memory access, by also using another type of value after those.