A local file inclusion vulnerability exists in com_orgchart version 1.0.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'controller' parameter to '/components/com_wmi/wmi.php'. This can be exploited to include arbitrary files from local resources via directory traversal attacks.
Upload_images Script (-7777) is prone to an arbitrary file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary PHP code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.2. EasyFTP fails to check input size when parsing 'CWD' commands, which allows for easy stack-based buffer overflow exploitation. Later versions may be vulnerable, but have not been tested. This exploit utilizes a small piece of code that I've referred to as 'fixRet'. This code allows us to inject a payload of ~500 bytes into a 264 byte buffer by 'fixing' the return address post-exploitation.
Mongoose v2.8 is a Windows-based HTTP server. This is the latest version of the application available. Mongoose v2.8 is vulnerable to many remote directory traversal attacks. Technical details include http://172.16.2.102//..%5C..%5C%5C..%5C..%5C%5C..%5C..%5C%5C..%5C..%5Cboot.ini, http://172.16.2.102/..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini, and http://172.16.2.102/..%5C..%5Cboot.ini.
MultiThreaded HTTP Server v1.1 is a Java-based HTTP server. This is the latest version of the application available. MultiThreaded HTTP Server is vulnerable to remote source disclosure attacks. Attackers can exploit this vulnerability by sending crafted HTTP requests to the server. The requests can be in the form of http://[ webserver IP][:port]/[ file ][.], http://[ webserver IP][:port]/[ file ][::$DATA], and http://[ webserver IP][:port]/[space] (Weird, only works for default index page).
A SQL injection vulnerability exists in Joomla Component JTM Reseller. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can result in the manipulation or disclosure of application data.
A SQL Injection vulnerability exists in Joomla com_jnewspaper (cid) which allows an attacker to inject malicious SQL queries via the 'cid' parameter. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be used to bypass authentication, access, modify and delete data in the back-end database.
This exploit is used to gain access to the MusicBox v 3.3 application. It uses a union select statement to concatenate the userid, username, password, email, and userlevel from the users table. The exploit is written in Perl and can be used with the host and path as arguments.
Malicious users may inject SQL queries into a vulnerable application to fool a user in order to gather data from them or to view sensitive information.