This is a proof-of-concept remote exploit for uTorrent 1.6. It allows an attacker to execute arbitrary code on vulnerable systems. The exploit works on Windows XP SP1 and Windows 2000 SP1-4.
The Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Successfully exploiting this issue will cause the application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.
The vulnerability exists in the 'philboard_forum.asp' file, where an attacker can inject SQL queries through the 'forumid' parameter. By manipulating the SQL query, an attacker can retrieve sensitive information such as usernames and passwords from the database.
Due to improper input validation, all NetAccess devices with a firmware version earlier than 4.1.9.6 are vulnerable to an arbitrary file disclosure vulnerability. This vulnerability allows an unauthenticated remote attacker to abuse the web interface and read any file on the remote system. Because important system files are world-readable, this includes /etc/shadow and thus leads to a full compromise of the device. In addition, an attacker is able to gain access to the proprietary code base of the device and potentially identify as well as exploit other (yet unknown) vulnerabilities.
This exploit targets the in.telnetd service in SunOS 5.10 and 5.11. It allows an attacker to execute arbitrary code remotely by sending a specially crafted payload. The exploit was developed by Kingcope in 2007.
The variable "oi_dir" in index.php is not properly sanitized. An attacker can exploit this vulnerability with a simple PHP injection script.
Sending a very long username in a Winpopup message can crash an NT box (possibly W95 too). This can be achieved easily from UNIX with 'smbclient -U LOTSandLOTSofcrap -M host'.
The vulnerability is present in the last URI segment of the GET request. An attacker can inject SQL code into the URI to manipulate the database and retrieve sensitive information.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.