This exploit targets a stack overflow vulnerability in the Microsoft Windows Wkssvc NetrJoinDomain2 function. It allows an attacker to execute arbitrary code on a vulnerable system.
The SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
The MonoChat application is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This allows an attacker to inject malicious HTML and script code, which would be executed in the context of the affected website. This could potentially lead to the theft of cookie-based authentication credentials or control over how the site is rendered to the user. Other attacks may also be possible.
This is an exploit for Bug #1 described in http://www.exploit-db.com/exploits/26558/. The exploit will generate a winamp.ini file that will cause Winamp to run the payload upon startup.
The Chart Mod application is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection vulnerabilities. These vulnerabilities occur due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, steal authentication credentials, or exploit vulnerabilities in the underlying database implementation.
GNU 'binutils' is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Remote attackers may crash the 'strings' utility, potentially making analysis of malicious binaries more difficult. Attackers may also execute arbitrary machine code in the context of applications that use the affected library.
Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
The vulnerability allows attackers to bypass security applications by exploiting the multiple differing algorithms used by the operating system to resolve file paths. Attackers can use this weakness to bypass security software such as antivirus and antispyware products, and potentially execute other attacks.
A vulnerability has been identified within WinZip that allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The flaw exists within the 'FileView' ActiveX control, which contains stack-based overflow conditions. This exploit generates a malicious HTML page and contains shellcode embedded within an image file. Due to the random nature of the heap, this exploit uses a hard-coded location of the image bytes within the heap and as such is unreliable in exploitation of this bug, but has an approximately 1 in 6 hit ratio within the tested environment.
Multiple Cisco products are susceptible to a content-filtering bypass vulnerability. This issue allows users to bypass content-filtering and access forbidden websites.