A buffer overflow exists in the TFTP server's handling of the transporting mode name. Buffer = "\x00\x02" + "filename" + "\x00" + nop sled + Shellcode + JUMP + "\x00";
An attacker can exploit these issues to execute arbitrary code, access sensitive information, or crash the affected application, denying service to legitimate users. Successful attacks may result in the complete compromise of an affected computer.
A remote buffer overflow in the login protocol allows arbitrary code execution as SYSTEM. Another vulnerability is exploited to remotely read arbitrary memory and retrieve the stack canary.
HuronCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Ektron CMS400.NET is prone to multiple security vulnerabilities, including multiple cross-site scripting issues, an information-disclosure issue, a cookie-manipulation issue, a directory-traversal issue, a security-bypass issue, and a URI redirection issue. Attackers can leverage these issues to bypass authentication mechanisms, execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, steal cookie-based authentication credentials, obtain sensitive information, bypass certain security restrictions, and redirect a user to a potentially malicious site; other attacks are also possible.
HP System Management Homepage is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are possible.
Tiny Java Web Server is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a directory-traversal vulnerability, an open-redirection vulnerability, and a source code information-disclosure vulnerability. Exploiting these issues can allow an attacker to retrieve arbitrary local files and view directories within the context of the webserver. Information harvested may aid in launching further attacks. A successful exploit may aid in phishing attacks; other attacks may also be possible.
FlashCard is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The vulnerability exists in the inlinemod.php file in vBulletin <= 3.6.4. It allows for SQL injection and privilege escalation through session hijacking. This exploit requires a Super Moderator account to copy posts among threads and can be launched while the admin is logged into the control panel. It gives the attacker full admin privileges. Please note that this exploit will flood the forum with empty threads as well.