Admin login credentials can be obtained by exploiting a SQL injection vulnerability in the com_articlemanager component of Joomla. The vulnerable URL is http://[server]/index.php?option=com_articlemanager&Itemid=349&task=display&artid=. The exploit code is null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rix,5,6,7,8/**/from/**/jos_users--
The vulnerability is caused by a long string written in the skin field of the Winamp.ini file, which triggers a stack buffer overflow. All that needs to be done is to replace the original Winamp.ini with a copy containing the long string.
This product, an online NEWS CMS, suffers from SQL injection in its login form, which allows the login check to be bypassed. It also suffers from SQL injection in its GET parameters, which can be exploited to extract information from the database.
This product suffers from multiple SQLi vulnerabilities. The first exploit is a union-based SQL injection attack, which can be used to extract the version of the database, the database name, and the user. The other two exploits are parameter-based SQL injections, which can be used to execute arbitrary SQL queries.
A vulnerability in Asp VevoCart Control System Version 3.0.4 allows an attacker to download the database by accessing the URL http://127.0.0.1/VevoCart/App_Data/vevocart.mdb.
A local heap overflow vulnerability exists in NPlayer when a specially crafted .dat skin file is opened. This could allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient boundary checks when processing the .dat skin file. An attacker can exploit this vulnerability by enticing a user to open a malicious .dat skin file.
Rehan Ahmed discovered a Denial of Service vulnerability in Nemesis Player (NSP) versions 1.1 Beta and 2.2. The vulnerability is triggered when a maliciously crafted .nsp file is opened. The proof-of-concept code creates a file containing 5000 'A' characters; opening it in NSP crashes the application.
TurboFTP Server 1.00.712 is vulnerable to a Denial of Service attack. An attacker can send a specially crafted APPE command with a payload of 2000 'A' characters to the server, causing it to crash. This vulnerability was fixed in version 1.00.720.
This exploit is a proof of concept for a local crash vulnerability in Ofilter Player. The vulnerability is caused by a boundary error when handling the skin.ini file, which can be exploited to cause a denial of service condition. The vulnerability is confirmed on Windows XP SP2. The proof of concept creates a file called skin1.ini containing 5000 bytes.
Populum version 2.3 is vulnerable to SQL injection. The vulnerable parameters are 'did' and 'id' in the URLs '127.0.0.1/populum/diarypage.php?did=[SQL injection]' and '127.0.0.1/populum/link.php?id=[SQL injection]'. An attacker can exploit this vulnerability to gain unauthorized access to the application.