This exploit will create a malicious .plist file for the user to use with launchctl. It was tested against OSX 10.4.6 8l1119 on a 1.5GHz Intel Core Solo. The exploit jumps into 0x1811111 via dyld_stub_close() and sets the euid after thought.
Xoops myAds module is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable file annonces-p-f.php with the parameter op. This will allow the attacker to execute arbitrary SQL commands on the underlying database.
BLOG:CMS <= 4.0.0k is vulnerable to SQL injection because the "id" argument is not sanitized before being used in a SQL query. This vulnerability can be exploited regardless of the magic_quotes_gpc setting.
A vulnerability exists in RsGallery2 for Joomla, which allows a remote attacker to execute arbitrary code. This is due to the application failing to properly sanitize user-supplied input to the 'mosConfig_absolute_path' parameter in the 'rsgallery.html.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an arbitrary file path to the vulnerable script. This will cause the application to include and execute the arbitrary file.
Scout Portal Toolkit version 1.4.0 is vulnerable to a remote SQL injection vulnerability. This vulnerability allows an attacker to gain access to the admin credentials of the application. The exploit works regardless of the magic_quotes_gpc setting. The vulnerable file is SPT--ForumTopics.php and the PoC is http://host/path/SPT--ForumTopics.php?forumid=[SQL].
Variable $GlobalSettings[templatesDirectory] is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.
Variable $mosConfig_absolute_path is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.
DreamAccount V3.1 is vulnerable to remote command execution due to a lack of proper input validation. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server with the malicious payload in the 'path' parameter. This will allow the attacker to execute arbitrary commands on the vulnerable server.
DeluxeBB version 1.07 and prior are vulnerable to an authentication bypass. The vulnerability exists due to insufficient validation of user-supplied input in the 'cp.php' script. An attacker can exploit it by sending a specially crafted HTTP request to the vulnerable script, which allows the attacker to gain administrative access to the application.
Variable $phpbb_root_path is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script. An attacker can inject malicious code by sending a specially crafted URL to the vulnerable server.