Explore Vulnerabilities

Explore all Exploits:

i-CAN-haz-MODHARDEN.c

Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages. An attacker could send specially crafted CAN traffic to crash the system or gain root privileges.

Joomla com_remository Remote Upload File

A vulnerability in Joomla's com_remository component allows an attacker to upload a malicious file to the server. An attacker can register on the site, then use the com_remository component to upload a malicious file. If the web server allows directory listing, the attacker can find the malicious file in the latest file_image_[latest Number] directory. The Dork for this exploit is inurl:"index.php?com_remository".

Hycus CMS 1.0.1 Multiple CSRF Vulnerabilities

Hycus CMS 1.0.1 contains multiple CSRF vulnerabilities. An attacker can exploit them to change the admin password and create a new admin user. The attacker crafts a malicious HTML page containing two forms, one to change the admin password and the other to create a new admin user, then lures the admin to that page. The forms are submitted automatically, giving the attacker access to the admin panel.

Atomic Photo Album 1.0.2 (SQL/XSS) Multiple Remote Vulnerabilities

Atomic Photo Album 1.0.2 is vulnerable to SQL injection and cross-site scripting. An attacker can exploit the SQL injection by sending a malicious SQL query to the vulnerable application, and the cross-site scripting by sending a malicious XSS payload to it.

oscommerce-3.0a5 Remote File Inclusion

An attacker can exploit a Remote File Inclusion vulnerability in oscommerce-3.0a5 by sending a specially crafted HTTP request to the vulnerable server. The request contains a malicious URL in the module parameter of the vulnerable actions.php script.

Autocad 2007 Professional dll (color.dll) Hijacking exploit

A vulnerability exists in Windows that allows another application's dynamic link libraries to execute malicious code without the user's consent, in the privilege context of the targeted application. The exploit involves replacing color.dll in the Autocad 2007 directory with a maliciously crafted DLL and launching Autocad 2007. This causes the malicious code to be executed, in this case launching the calculator.

Recent Exploits: