This exploit restores all SSDT hooks. It uses DeviceIoControl to write to kernel memory and adds a call gate to the GDT. It then calls the RestoreSSDTHook function to restore the SSDT hooks.
The input variable 'v' is vulnerable to SQL injection. A proof of concept is provided which involves sending two requests to the server, one with a substring of the version set to 5 and one with a substring of the version set to 4. If the response time is high, the version substring is 5, and if the response time is low, the version substring is 4.
The input variable 'do' is vulnerable to SQL injection, which allows an attacker to execute arbitrary SQL queries. The vulnerability is confirmed in Joomla version 1.5.9, but other versions are probably also affected. The proof of concept involves sending a malicious SQL query to the vulnerable parameter 'do'. The response time of the server can be used to determine whether the query was successful.
An attacker can exploit a SQL injection vulnerability in NovaBoard v1.1.2 to gain access to sensitive information such as usernames, passwords, and emails. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'page' and 'forums' parameters of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information.
The input variable 'controller' is vulnerable to directory traversal. A proof of concept is provided which involves accessing the URL http://server/[JOOMLA_PATH]/index.php?option=com_ccnewsletter&view=ccnewsletter&Itemid=87&controller=[-DT-] with [-DT-] replaced by ;) to exploit the vulnerability.
This exploit causes a denial of service (DoS) on Apple iPhone/iPod devices running the Serversman 3.1.5 application. The exploit sends a malicious HTTP request to the target device, which causes the device to crash and become unresponsive.
CamShot SEH overwrite is a vulnerability in CamShot which allows an attacker to overwrite the Structured Exception Handler (SEH) of the application. This vulnerability is caused by a buffer overflow in the application which allows an attacker to inject malicious code into the application. The malicious code can then be executed by the application, allowing the attacker to gain control of the application.
The input variable 'order_status_id' is vulnerable to SQL injection. A proof of concept is provided which shows that the vulnerable parameter can be used to execute arbitrary SQL queries. The vulnerability has been confirmed in Joomla 1.1.4 stable, but other versions may also be affected.
Test done against Customers_who_bought (VirtueMart module) and the sh404SEF Joomla component. Both are commercial Joomla extensions, so my research is poor. Injection is done in URL redirection (view SQL errors) and the result can be visible in source code, URL, error page, ... Since sh404SEF is used I can't detect the affected vars, but there are also BSQLi. Trying to find the vulnerable module/component, I've tested sh404SEF and VirtueMart, but the vulnerability can't be reproduced. Probably the issue is in the Customers_who_bought module (hence the advisory title).
This exploit targets a buffer overflow vulnerability in Winamp 5.6. It allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted request to the vulnerable application.