There is remote buffer overflow in News Bin Pro 4.32 that can be triggered by grabbing articles that contain an overly long file name. To exploit, convince someone to set his newsgroup server to your ip:119 and ask him to download an article and to bypass filters. This is just a DoS. I couldnt make EIP point to some interesting place. This is a unicode buffer overflow and we can force EIP to point on 0x00410041. But there's no good call esp in those places. However if we can set EIP to 0x41004100 the problem is solved. Tell me if you go further. Have Fun!
CMScout is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
The NWS-Classifieds application is prone to a local file-include vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to obtain sensitive information and execute arbitrary local scripts in the context of the webserver process. This can lead to application and system compromise.
The Willscript Auction Website Script is vulnerable to SQL injection due to insufficient sanitization of user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to execute arbitrary code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The I-Escorts products are prone to multiple cross-site scripting vulnerabilities due to insufficient input sanitization. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
An attacker can execute arbitrary HTML and script code in the browser of a user, allowing them to steal authentication credentials and launch other attacks.
The AChecker application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching other attacks.
This exploit connects to the victim's newsgroups provider and posts a crafted article. The victim needs to grab the article to trigger the buffer overflow and execute calc.exe. This exploit was tested against Windows XP SP2 FR. The exploit code is a shellcode for executing calc.exe.
AContent is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The Santafox application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a user visiting the affected site. This can be used to steal authentication credentials and launch further attacks.
Services By CQR