HylaFAX+ contains a daemon, 'hfaxd', that allows a 'fax client' to communicate with the fax server to submit fax jobs, query status, configure modems, etc. The code path for authenticating users via LDAP allocates a 255-byte buffer and then 'strcats' user-supplied data buffered from the inbound FTP control channel. It is possible for an UNAUTHENTICATED remote attacker to overflow the heap with a limited character set, leading to potential crashes or hangs. No actual exploit leveraging this vulnerability has been constructed yet.
This exploit allows an attacker to execute remote commands and escalate privileges in PHPGraphy 0.9.12. It works against servers with register_globals=on. The attacker can specify the target server, path to PHPGraphy, and the command to execute. Optional parameters include specifying a different port or using a proxy. This exploit has been developed by rgod. The dork used to find vulnerable sites is intext:"This site is using phpGraphy" | intitle:"my phpgraphy site". Contact information for the author is provided as mail: retrog@alice.it and site: http://retrogod.altervista.org.
The SQL injection occurs due to a user supplied HTTP header being used in the query without sanitisation.
This is a PoC intended to exploit the 3Com TFTP Service version 2.0.1 long transporting mode buffer overflow under Windows XP SP2 English (vulnerability discovered by Liu Qixu).
PLESK is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
The vulnerabilities in CA eTrust Security Command Center and eTrust Audit are due to the lack of user input validation and design errors in user permissions and secure data-transmission protocols. An attacker can exploit these vulnerabilities to access sensitive information, delete files, and carry out replay attacks.
The vulnerabilities in CA eTrust Security Command Center (eSCC) and eTrust Audit include an information-disclosure issue, an arbitrary-file-deletion issue, and a replay issue. These vulnerabilities are due to the software's failure to validate user input and design errors in handling user permissions and secure data-transmission protocols. An attacker can exploit these vulnerabilities to access sensitive information, delete arbitrary files, and carry out external replay attacks.
Quintessential Player 4.50.1.82 and lower suffer memory corruption when attempting to parse malformed playlist files. This could possibly lead to code execution. The proof of concept is provided in PLS format.
The xklock program in FreeBSD 3.5.1 and 4.2 ports package contains several exploitable buffer overflows in command line arguments as well as the 'JNAME' environment variable. This exploit abuses the -bg argument.
PHP-Post is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, or include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. Other attacks are also possible.