Luis Santana of the HackTalk Security team has found multiple vulnerabilities in Zendesk. These include cross-site scripting (XSS) due to lack of input sanitization in the email address field of the anonymous_requests page, and cross-site request forgery (CSRF) on many forms that carry no anti-forgery protection; the most notable example is the new user creation form, which allows an attacker to create a new administrative user on behalf of a logged-in administrator.
This exploit is a heap spray attack on the RSP MP3 Player OCX ActiveX control. It was discovered by Blake and tested on Windows XP SP3 (Fr) with IE6. The exploit uses malicious JavaScript to make the control open a file string made up of a large number of newline characters, which overflows a buffer and leads to arbitrary code execution.
Easy FTP Server v1.7.0.11 is vulnerable to a remote buffer overflow attack when sending specially crafted commands such as NLST, NLST -al, APPE, RETR, SIZE, and XCWD. An attacker can exploit this vulnerability by sending a malicious payload of 272 bytes to the server, which will overwrite the EIP register and execute arbitrary code. The payload used in this exploit is a 228-byte shellcode generated by Metasploit, which will open a calculator window on the target machine.
An attacker can download any file that the owner of the Play! process can read by simply browsing to http://127.0.0.1:9000/public/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd. The '/public' directory must be a directory with a 'staticDir' mapping in the 'conf/routes' configuration file, typically an images or css directory on the server.
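The traversal above works because the static-directory handler URL-decodes the remainder of the path and appends it to the mapped directory without checking that the result still lies inside it. The following is an added example, not Play's own code: a hypothetical static-file resolver in its vulnerable form beside a hardened one that normalizes the path and enforces the directory prefix. The static root, the '/public' route prefix and the POSIX-only assumptions are the example's own.

```python
import posixpath
from urllib.parse import unquote

# Constructed example values: the directory behind a 'staticDir' style mapping.
# Hypothetical; Play's real handler is not reproduced here.
STATIC_ROOT = "/srv/app/public"
ROUTE_PREFIX = "/public"


def resolve_vulnerable(url_path: str) -> str:
    """Naive mapping: strip the route prefix, URL-decode, append to the root.

    '..%2f' decodes to '../', so the caller ends up opening a path outside
    STATIC_ROOT. normpath() is applied only to show what the OS will open.
    """
    rest = unquote(url_path[len(ROUTE_PREFIX):])
    return posixpath.normpath(STATIC_ROOT + "/" + rest)


def resolve_hardened(url_path: str):
    """Decode once, normalize, and accept only paths under STATIC_ROOT.

    Returns the filesystem path to serve, or None to answer 404.
    Assumption: POSIX server, so backslashes are not path separators
    and are rejected outright along with embedded NULs.
    """
    rest = unquote(url_path[len(ROUTE_PREFIX):])
    if "\x00" in rest or "\\" in rest:
        return None
    # lstrip('/') so join() cannot be reset to an absolute path by a leading slash.
    target = posixpath.normpath(posixpath.join(STATIC_ROOT, rest.lstrip("/")))
    # Require a file strictly inside the root; the root itself is not served.
    if not target.startswith(STATIC_ROOT + "/"):
        return None
    return target


if __name__ == "__main__":
    attack = "/public/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
    print("vulnerable opens:", resolve_vulnerable(attack))
    print("hardened answers:", resolve_hardened(attack))
    print("hardened serves :", resolve_hardened("/public/css/site.css"))
```

The prefix check must run on the normalized path, not on the raw request: comparing `rest` against a blacklist of `..` strings misses encoded variants, while `normpath()` followed by a `startswith(STATIC_ROOT + "/")` test rejects every path that escapes the mapped directory however it was spelled.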
A buffer overflow vulnerability exists in Microsoft Media Player 4.4.4. An attacker can exploit this vulnerability by sending a specially crafted .m3u file containing a large amount of data, resulting in a denial of service condition or the execution of arbitrary code. This vulnerability affects Windows XP SP2.
This Sopcast PoC by Sud0 targets a stack buffer overflow and was tested on Windows XP SP3 EN on VirtualBox with IE 7. The exploit requires an internet connection on the box to trigger the vulnerability. The heap is sprayed heavily until the Unicode-usable address 0x20260078 is reliably populated, then a set of P/P/R (pop/pop/ret) sequences is sprayed so that execution returns to the stack. After the spray is finished, the Sopcast control is loaded and shown on the page. After waiting approximately 3 to 5 seconds, a message box should appear.
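"Unicode usable" in the summary above refers to the fact that the overflowing string is widened from ANSI to UTF-16LE before it lands on the stack, so each pair of address bytes must be the widened form of a single input byte. The helper below is an added example, not part of Sud0's PoC: it reports which ANSI bytes widen to a given 32-bit address, simulates the widening to check the round trip, and scans a range for usable addresses. The cp1252 code page is an assumption about the target's conversion.

```python
def ansi_bytes_for_unicode_address(address: int, codepage: str = "cp1252"):
    """Return the two ANSI bytes that widen to `address`, or None if unusable.

    A little-endian 32-bit address becomes two UTF-16LE code units (low
    half first). Each unit must be the widening of exactly one byte in the
    code page, and that byte must not be NUL (it would terminate the string).
    Assumption: the target widens with MultiByteToWideChar using cp1252.
    """
    if not 0 <= address <= 0xFFFFFFFF:
        raise ValueError("address must fit in 32 bits")
    out = bytearray()
    for unit in (address & 0xFFFF, address >> 16):
        try:
            b = chr(unit).encode(codepage)
        except UnicodeEncodeError:
            return None  # code unit has no single-byte ANSI source
        if len(b) != 1 or b == b"\x00":
            return None
        out += b
    return bytes(out)


def widen(ansi: bytes, codepage: str = "cp1252") -> int:
    """Simulate the ANSI -> UTF-16LE widening and read back the 32-bit value
    that would overwrite a saved return address."""
    wide = ansi.decode(codepage).encode("utf-16-le")
    return int.from_bytes(wide[:4], "little")


def usable_addresses(start: int, end: int, codepage: str = "cp1252"):
    """All addresses in [start, end) reachable through the widening."""
    return [a for a in range(start, end)
            if ansi_bytes_for_unicode_address(a, codepage) is not None]


if __name__ == "__main__":
    # 0x20260078 -> units 0x0078 ('x') and 0x2026 (U+2026, byte 0x85 in cp1252)
    print(ansi_bytes_for_unicode_address(0x20260078))
    print(hex(widen(b"x\x85")))
    # The classic 0x0C0C0C0C spray target is NOT reachable this way
    print(ansi_bytes_for_unicode_address(0x0C0C0C0C))
```

This is why the PoC sprays to 0x20260078 rather than a more conventional spray target: the code unit 0x2026 is one of the few values above 0x00FF that cp1252 maps from a single byte (0x85), while 0x0078 is plain ASCII 'x'.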
This exploit targets a stack-based buffer overflow in Dr.IDE AoA Audio Extractor. The vulnerability is caused by a boundary error when handling the file name: a specially crafted file with an overly long file name overflows a stack buffer, allowing an attacker to execute arbitrary code on the vulnerable system.
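The Easy FTP Server, Media Player .m3u and AoA Audio Extractor entries above all come down to the same first step: find the exact offset at which the overly long input overwrites the saved return address. The block below is an added example, not code from any of those exploits: it reimplements the cyclic pattern used by Metasploit's pattern_create/pattern_offset tools, maps a crashed EIP value back to its offset, and wraps the pattern in a crafted .m3u playlist (for the FTP case the same pattern would be sent as the command argument instead). The pattern alphabet and the .m3u layout are the example's own choices.

```python
import string
from itertools import product

# Upper * lower * digit triplets: 26 * 26 * 10 * 3 bytes before the pattern repeats.
MAX_PATTERN = 26 * 26 * 10 * 3


def pattern_create(length: int) -> str:
    """Non-repeating cyclic pattern (Aa0Aa1Aa2...) of the requested length.

    Every 4-byte window is unique, so the value found in EIP after a crash
    identifies the offset at which the return address was overwritten.
    """
    if length > MAX_PATTERN:
        raise ValueError(f"pattern would repeat beyond {MAX_PATTERN} bytes")
    chunks, size = [], 0
    for a, b, c in product(string.ascii_uppercase, string.ascii_lowercase, string.digits):
        chunks.append(a + b + c)
        size += 3
        if size >= length:
            break
    return "".join(chunks)[:length]


def pattern_offset(needle, length: int = MAX_PATTERN) -> int:
    """Offset of `needle` in the pattern, or -1 if it is not part of it.

    `needle` may be the 4-byte string seen in the crash or the EIP value
    as an int; an int is converted from its little-endian byte order.
    """
    if isinstance(needle, int):
        needle = needle.to_bytes(4, "little").decode("latin-1")
    return pattern_create(length).find(needle)


def build_m3u(length: int) -> str:
    """Constructed playlist: one overly long entry made from the pattern."""
    return "#EXTM3U\n" + pattern_create(length) + ".mp3\n"


def write_crash_file(path: str, content: str) -> None:
    """Write the crafted file to disk for opening in the target player."""
    with open(path, "w", newline="") as fh:
        fh.write(content)


if __name__ == "__main__":
    print(pattern_create(24))
    # After the crash, feed the EIP shown by the debugger back in:
    print("EIP 0x41306141 overwrote offset", pattern_offset(0x41306141))
    write_crash_file("crash.m3u", build_m3u(5000))
```

Once the offset is known, the fuzzing pattern is replaced by padding of that length, a return address that redirects into the controlled data, and the shellcode; the pattern itself never executes and only exists to make the crash self-describing.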
Many parameters are not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Mthree Development MP3 to WAV Decoder is vulnerable to a denial of service attack when a malicious .mp3 file is opened using Mthree. When the malicious file is double clicked, the application crashes.
Some parameters, such as articleid and catid, are not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
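Both SQL injection entries above describe the same defect: a request parameter spliced into the query text. The following is an added example, not code from either affected application, showing a hypothetical article lookup that concatenates articleid beside the parameterized version, run against a constructed in-memory SQLite table so the effect of the injected input can be observed offline. The table layout and the `published` filter are the example's own.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a small article table with one unpublished row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles(id INTEGER, catid INTEGER, title TEXT, published INTEGER);
        INSERT INTO articles VALUES (1, 10, 'public post', 1);
        INSERT INTO articles VALUES (2, 10, 'draft post', 0);
        INSERT INTO articles VALUES (3, 20, 'other category', 1);
    """)
    return conn


def fetch_vulnerable(conn, articleid: str):
    """articleid is pasted into the statement, so its content becomes SQL.
    'OR 1=1' defeats the published filter; a UNION reads other tables."""
    sql = "SELECT title FROM articles WHERE published=1 AND id=" + articleid
    return [row[0] for row in conn.execute(sql)]


def fetch_hardened(conn, articleid: str):
    """Type-check the parameter and bind it; the value can never alter the query."""
    try:
        aid = int(articleid)
    except ValueError:
        return []
    sql = "SELECT title FROM articles WHERE published=1 AND id=?"
    return [row[0] for row in conn.execute(sql, (aid,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "2 OR 1=1", "0 UNION SELECT name FROM sqlite_master"):
        print(repr(value))
        print("  vulnerable:", fetch_vulnerable(db, value))
        print("  hardened  :", fetch_hardened(db, value))
```

Note that `AND` binds tighter than `OR`, so `published=1 AND id=2 OR 1=1` returns every row including the unpublished draft; the bound parameter in the hardened version is compared as an integer and the same input simply fails the `int()` check.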