Explore all Exploits:

MiNT Haber Sistemi v2.7 (tr) == SQL Injection Vulnerability

The MiNT Haber Sistemi v2.7 (tr) is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting SQL code into the 'id' parameter in the 'duyuru.asp' page. By doing so, they can retrieve sensitive information such as the admin's username, password, and email address.

Norton AntiVirus Denial Of Service Vulnerability

While scanning specially crafted compressed files, Norton AntiVirus enters a Denial of Service (DoS) condition, using 100% CPU for a long time. The scan cannot be stopped manually, forcing the user to kill the process. A proof of concept file is provided to demonstrate the vulnerability. Other antivirus or trojan scanners may also be vulnerable.

Citations Aléatoires v1.1

The vulnerability exists in the /i-accueil.php file of the Citations Aléatoires v1.1 script. The script includes a file without properly validating user-supplied input, allowing an attacker to include arbitrary remote files. This can lead to remote code execution and compromise of the affected system.

Buffer Overflow in MW6MaxiCode Class

The Data parameter in the MW6MaxiCode Class is subject to a buffer overflow, leading to arbitrary code execution. By entering a string larger than 4000 characters, it is possible to trigger the overflow. This results in Internet Explorer crashing when trying to copy 42424242 to a register. By disassembling near the crash location, it can be observed that both EAX and ECX can be manipulated, with values 41414141 and 42424242 respectively. These manipulated values are later used to perform write operations, leading to an arbitrary 4-byte write.

Buffer Overflow Vulnerability in MW6Aztec ActiveX

The Data parameter in the MW6Aztec ActiveX COM Object is subject to a buffer overflow, leading to arbitrary code execution. By entering a string larger than 9000 characters, the attached PoC (mw6maztec.html) crashes when trying to read from address 41414141. Further investigation reveals that the value of EAX (030e20d0) is written into an arbitrary memory location, and this EAX value points to the Data buffer.

WinIPDS Directory Traversal and Denial-of-Service Vulnerabilities

The directory traversal vulnerability in WinIPDS allows an attacker to gain access to sensitive information by manipulating directory paths. The denial-of-service vulnerability allows an attacker to crash the application, denying service to legitimate users. The vulnerabilities can be exploited by sending specially crafted GET or POST requests with manipulated directory paths.

sNews <= 1.5.30 unauthorized access / reset admin pass / cmd exec exploit

This exploit allows an attacker to gain unauthorized access, reset the admin password, and execute arbitrary commands on a vulnerable sNews <= 1.5.30 installation. The exploit works regardless of php.ini settings. The attacker needs to provide the target server, path to sNews, their IP address, and a shell command. Options include specifying a different port or using a proxy. The exploit sends a packet to the target server and, if successful, gains unauthorized access, resets the admin password, and executes the specified command.
