Casinosoft Casino Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Remote command execution on 'becommunity' (modules that support by BBS e-market professional) makes insecure calls to the include() function of PHP (works on 'pageurl=' functions) which can allow the inclusion of remote files, and thereby the execution of arbitrary commands by remote user with the web server user permissions, usually 'nobody'.
This module exploits a stack buffer overflow in HP LoadRunner before 11.52. The vulnerability exists on the LoadRunner Agent Process magentproc.exe. By sending a specially crafted packet, an attacker may be able to execute arbitrary code.
This exploit allows an attacker to gain root access on Progress Database Server v8.3b on Linux and SCO-Unix systems. The exploit was discovered by krfinisterre@checkfree.com and can be used by running the prodbx binary with the appropriate parameters. The exploit contains shellcode for Linux and SCO-Unix systems. The Linux shellcode is a regular shellcode for Linux on the x86 architecture, while the SCO shellcode is specific to SCO-Unix systems.
Multiple Computer Associates products are prone to multiple buffer-overflow vulnerabilities because the applications using an affected library fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Exploiting these issues allows attackers to execute arbitrary machine code within the context of the affected application.
Local attackers can exploit this issue to corrupt memory and execute arbitrary code with kernel-level privileges. Successful exploits may facilitate a complete system compromise.
This exploit targets a vulnerability in the FreeBSD 9.0 kernel that allows for privilege escalation. The exploit takes advantage of a flaw in the Intel SYSRET instruction. By manipulating the IDT (Interrupt Descriptor Table), the exploit is able to gain kernel-level privileges. The payload function is responsible for executing the privilege escalation.
Skype is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before using it in the format-specification argument of a formatted-printing function. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, potentially facilitating the remote compromise of affected computers.
The ja-elvis and ko-helvis packages on FreeBSD versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1 contain a file recovery utility called 'elvrec' that is installed suid root(4755) by default. This utility is vulnerable to a buffer overflow, which can be exploited to gain root privileges.
This exploit allows an attacker to include local files on the server running Serendipity version 1.0.3. It works when the server has register_globals set to On.
Services By CQR