In Sony Ericsson phones (tested on w800i, k750i, w810i), simply renaming a file with a '.sest' extension gives it 'System' file status. Such a file cannot be deleted, renamed or edited by any means on the phone. The only way to remove or rename these files is to connect the phone to a personal computer and rename them there. If a folder such as the Images folder or the Videos folder is renamed in Foldername.sest format, it attains System folder status and, no matter how many files are present in it, they become totally invisible. When you try to open these folders on the phone, it says 'No Files in this folder' even though files are present in it. Using this vulnerability, all the multimedia features of these phones can be totally disabled. J2ME applications are capable of causing this filesystem DoS effect. A PoC of this DoS function is the 'VooDoo' function of the J2ME file protection application 'The Messiah'.
A vulnerability exists in RoundCube Webmail versions 0.2.X and possibly higher. An attacker can inject malicious JavaScript code into the ERROR_MESSAGE parameter of the error.inc file, which is then executed in the victim's browser. The attacker can also obtain a full path disclosure (FPD) of the RoundCube installation path via the identities.inc file.
A Blind SQL Injection vulnerability exists in the Joomla Component com_king, which allows an attacker to gain access to the admin login credentials. This vulnerability can be exploited by sending a maliciously crafted HTTP request to the vulnerable application. The malicious request contains a specially crafted SQL query that can be used to extract the admin login credentials from the database. The demo vulnerability can be tested by sending a TRUE request with the URL http://site.com/kids/index.php?option=com_king&Itemid=0&task=show&id_k=13 and 1=1 and a FALSE request with the URL http://site.com/kids/index.php?option=com_king&Itemid=0&task=show&id_k=13 and 1=0.
Microsoft’s HTML Help Compiler (hhc.exe) is a free tool for building Microsoft Compiled HTML Help (.chm) files. It is included with HTML Help Workshop and Visual Studio. The executable, hhc.exe, does not properly check the length of user-supplied command line arguments. It is possible to gain control of the EDX, EBP, and ESI registers as well as perform an SEH overwrite. With this, it should be possible to execute arbitrary code in the context of the application.
An attacker can exploit this vulnerability to gain access to admin login credentials. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'kat' parameter of the 'index.php' script. An attacker can send a maliciously crafted HTTP request to the vulnerable script and gain access to admin login credentials.
An attacker can exploit a SQL injection vulnerability in Milonic News (viewnews) to gain access to the username and password of the website. The exploit is done by sending a crafted URL to the vulnerable application. The URL contains a malicious SQL query that can be used to extract data from the database. The URL for the exploit is /viewnews.php?ID=-136+union+select+1,2,3,4,5,6,7,8,username,10,11,12,13,14+from+renewabl_mhpcompanies.experts-- for username and /viewnews.php?ID=-136+union+select+1,2,3,4,5,6,7,8,password,10,11,12,13,14+from+renewabl_mhpwebsite.users-- for password.
The POST variable nickname has been set to 1>">">"><script>alert(document.cookie)</script>
A vulnerability in DirectAdmin <= 1.33.6 allows an attacker to bypass the permissions of the /etc/shadow file by creating a symbolic link to it in any directory. The attacker can then extract the backup file located in /home/test/backups/domains/test.com/public_html and read the shadow file, which has 400 permissions.
Docebo 3.6.0.2 (stable) is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable server. This can allow the attacker to read sensitive files from the server.
This exploit is for Apple QuickTime 7.2/7.3 RTSP BOF (Perl Edition). It was discovered by Krystian Kloskowski (h07) and written and coded by Jacky. It is a buffer overflow exploit which sends an evil buffer to the target system. The buffer contains junk data, NSEH, SEH, NOPS, shellcode and junk data.