A Blind SQL Injection vulnerability exists in the Joomla Regional Booking component (id), which allows an attacker to inject malicious SQL queries into the application. The vulnerability is triggered when the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords, or to modify the contents of the database.
Drupal 6.15 (latest release) is vulnerable to multiple permanent Cross Site Scripting issues, and older releases probably are too. The severity is low, however, because an attacker can exploit them only with access to 'User Management' with the right privileges. The first vulnerability is in 'Access rules': the attacker can enter code in the 'Mask' text box, and after submission the code will be executed. The second vulnerability, similar to the first, is in 'Roles management': the attacker can use 'Name Role' to add malicious code, which will be executed after submission when the related page list is viewed. These vulnerabilities are 'permanent'.
This exploit is a heap spray attack which uses malicious JavaScript code to inject shellcode into the memory of the vulnerable system. The malicious code is embedded in an HTML page, and when the page is opened, the code is executed and the shellcode is injected into memory. The shellcode is then used to execute arbitrary code on the vulnerable system.
Read Excel v1.1 is vulnerable to a shell upload vulnerability. An attacker can upload a malicious PHP file to the vulnerable server and execute arbitrary code. The vulnerable script is located at http://yozgat.us/[Read_Excel_Path]/index.php. A demo of the exploit can be found at http://server/read_excel/excel/kkk.php.
This exploit is a proof of concept for a denial of service vulnerability in ttplayer version 5.6Beta3. The exploit creates a malicious .m3u file containing a string of 81 'x41' characters followed by 'QQ1.'. When the file is opened in ttplayer, the application crashes.
Kantaris 0.5.6 crashes while loading a specially crafted playlist containing a string of 105000 'a/' characters.
AutoIndex PHP Script is vulnerable to a directory traversal attack which allows an attacker to read arbitrary files and directories stored on the web server. This vulnerability is due to insufficient sanitization of user-supplied input to the 'dir' and 'file' parameters of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../') to the vulnerable script.
Sora has advised that Ulisse's ladder.php file from Ulisse's Scripts 2.6.1 suffers from a remote SQL injection vulnerability in the parameter 'gid'. The database inputs are not properly sanitized.
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the product_desc.php file. This can allow the attacker to gain access to the database and extract sensitive information such as usernames and passwords.
This proof-of-concept code creates a backup file of the .gtk-bookmarks file and then appends a large number of 'A' characters to it. Depending on the argument passed to the code, the number of 'A' characters appended can be either 9999 or 99999. This causes the Gnome panel to crash and restart continuously or to become completely unresponsive, respectively.