WinDirectAudio is vulnerable to a stack-based buffer overflow when a specially crafted .WAV file is opened. The overflow is triggered by an overly long string and may allow an attacker to execute arbitrary code.
A vulnerability exists in the Online University web application that allows an attacker to bypass authentication by providing a crafted Login ID and Password. This vulnerability works only when magic_quotes_gpc is set to off. The PoC for this vulnerability is to provide the Login ID as ' or '1=1 and the Password as ' or '1=1.
ConPresso 4.0.7 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'id' in the 'firma.php' file. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.
SolarWinds TFTP Server 10.4.0.10 Remote DoS Exploit by Nullthreat. The application will not crash, but it will stop accepting connections. A malicious user can send a specially crafted packet with an opcode of 1 (Read Request) and a single byte of 0x01 to the server, which will cause the server to stop accepting connections.
3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third-party network devices. The IMC is normally accessed using a web browser over port 8080. Various IMC pages are vulnerable to a reflective XSS attack, including the login page. Various pages also disclose information, including the SQL sa account password, which might be used to assist in carrying out further attacks.
3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third-party network devices. The IMC is normally accessed using a web browser over port 8080. Procheckup has discovered that the IMC management console is vulnerable to an unauthenticated directory traversal attack within the reporting functionality. Directory traversal allows files to be retrieved from the target server outside the webroot, provided that the location on the file system is known. No authentication is required to exploit this vulnerability.
A buffer overflow vulnerability exists in Rumba FTP Client FTPSFtp.dll v4.2.0.0 when the OpenSession() function is called with an overly long argument. This can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.
Multiple security issues were discovered, which can be categorized as: Lack of Authentication, SQL Injection, Cross-Site Scripting, Local File Include. When the 'Use Passwords' option is activated, Open-AudIT requires a user and password to be provided to access the web administrative interface. However, several scripts do not properly verify authentication before accepting requests. This allows an attacker to add or remove information in the database concerning the audited systems, or to obtain or modify system configurations such as SMTP or LDAP server addresses. Also, the 'backup' folder has password protection, but the password is hardcoded in the 'backup.php' script. The 'search.php' script is vulnerable to SQL injection, Cross-Site Scripting and Local File Include.
This ActiveX is marked as: RegKey Safe for Script: False, RegKey Safe for Init: False, Implements IObjectSafety: True, IDisp Safe: Safe for untrusted: caller, data, IPStorage Safe: Safe for untrusted: caller, data, KillBitSet: False. This is the list of all vulnerable components: vsflex7L.ocx v. 7.0.1.151, vsflex8.ocx v. 8.0.20072.239, vsflex8d.ocx v. 8.0.20072.239, vsflex8l.ocx v. 8.0.20072.239, vsflex8n.ocx v. 8.0.20072.239. The exploit code includes a VBScript that creates a buffer of 268 characters, followed by a jump to the ESP register from shell32.dll, 12 NOPs, and a shellcode that executes calc.exe.
The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'id_page' parameter to the '/index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication, gain access to sensitive data, modify data, etc.