Explore Vulnerabilities

Explore all Exploits:

UniData Denial of Service Vulnerabilities

The unirpc service listening on port 31438 is affected by various Denial of Service vulnerabilities regarding the access of invalid zones of memory. Although the first vulnerability is a memory corruption problem where the program calls recv() using a heap buffer and a huge amount of data to copy (like 0x7fffffe8, decided by the attacker), in my tests it did not prove exploitable.

DJ Legend Denial of Service Vulnerability

A denial of service vulnerability exists in DJ Legend due to a lack of proper input validation when handling .pls files. An attacker can exploit this vulnerability by creating a malicious .pls file containing a large amount of data and sending it to the target user. This will cause the application to crash when the file is opened.

Data/File upload and management local shell upload

This exploit allows an attacker to upload a malicious file to the target server, which can then be used to gain access to the server. The attacker can upload a malicious file such as a PHP shell, which can then be used to execute arbitrary code on the server. The attacker can then use the shell to gain access to the server and potentially gain access to sensitive data.

Integer Overflow and Buffer Overflow Vulnerabilities in Winamp

The in_mkv plugin uses a particular function (address 077078c0) for reading text strings from Matroska containers. The function reads the EBML numeric value (64-bit), allocates memory corresponding to that value (32-bit) plus 1, and then reads the data from the file, leading to possible code execution. The in_nsv plugin is affected by a heap overflow caused by the function (address 077ca422) that first verifies the size of the metadata string contained in the file, adding 1 to it, and then copies 0x1fffffff bytes into a heap buffer, leading to possible code execution. The in_midi plugin is affected by a heap overflow caused by the function (address 077d7f2f) that first verifies the size of the metadata string contained in the file, adding 1 to it, and then copies 0x1fffffff bytes into a heap buffer, leading to possible code execution. The in_mod plugin is affected by a stack-based buffer overflow caused by the function (address 077d7f2f) that copies 0x1fffffff bytes into a stack buffer, leading to possible code execution.

Exponent CMS v0.97 Multiple Vulnerabilities

Exponent CMS suffers from multiple vulnerabilities:
Local File Inclusion / File Disclosure Vulnerability: input passed through the parameters 'action', 'expid', 'ajax_action', 'printerfriendly', 'section', 'module', 'controller', 'int', 'src', 'template', 'page', '_common' to the scripts 'index.php', 'login_redirect.php', 'mod_preview.php', 'podcast.php', 'popup.php', 'rss.php' is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL-encoded NULL bytes.
Arbitrary File Upload / File Modify Vulnerability: occurs due to an error in 'upload_fileuploadcontrol.php', 'upload_standalone.php', 'manifest.php', 'delete.php', 'edit.php', 'manage.php', 'rank_switch.php', 'save.php', 'view.php', 'class.php', 'deps.php', 'delete_form.php', 'delete_process.php', 'search.php', 'send_feedback.php', 'viewday.php', 'viewmonth.php', 'viewweek.php', 'testbot.php', 'activate_bot.php', 'deactivate_bot.php', 'manage_bots.php', 'run_bot.php', 'class.php', 'delete_board.php', 'delete_post.php', 'edit_board.php', 'edit_post.php', 'edit_rank.php', 'monitor_all_boards.php', 'monitor_board.php', 'monitor_thread.php', 'preview_post.php', 'save_board.php', 'save_post.php', 'save_rank.php', 'view_admin.php', 'view_board.php', 'view_rank.php', 'view_thread.php', 'banner_click.php', 'ad_delete.php', 'ad_edit.php', 'ad_save.php', 'af_delete.php', 'af_edit.php', 'af_save.php', 'delete_article.php', 'edit_article.php', 'save_article.php', 'save_submission.php', 'submit_article.php', 'view_article.php', 'view_submissions.php', 'coretasks.php', 'delete_task.php', 'edit_task.php', 'save_task.php', 'view_task.php', 'delete_form.php', 'delete_process.php', 'edit_form.php', 'edit_process.php', 'save_form.php', 'save_process.php', 'view_form.php', 'view_process.php', which can be exploited to upload arbitrary files with malicious code in them.
Reflected Cross-Site Scripting Vulnerability: occurs due to an error in 'index.php', 'login_redirect.php', 'mod_preview.php', 'podcast.php', 'popup.php', 'rss.php', which can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Sun Solaris <= 10 'su' NULL pointer exploit

Sun Solaris <= 10 'su' contains a NULL pointer dereference vulnerability due to insufficient checks when handling environment variables in the 'su' code. An attacker can exploit this vulnerability through a malloc() call that the attacker can control and whose returned value is not checked, which can lead to a segmentation fault.

Oracle Virtual Server Agent Command Injection

Oracle VS Agent is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-supplied input. Oracle VS Agent exposes several functions through XML-RPC. One of these functions is validate_master_ip, which receives fqdn as a parameter. This parameter is used in a system call without proper sanitization, allowing an attacker to inject arbitrary commands.

Oracle Java Applet Children Vulnerability

This vulnerability allows an attacker to inject malicious code into a vulnerable web page. The code is executed when the page is loaded by the victim. The vulnerability is caused by the way the Oracle Java Applet handles the "children" property. An attacker can exploit this vulnerability by creating a malicious applet and embedding it in a vulnerable web page.
