This exploit targets Clever Database Comparer ActiveX version 2.2. By sending a specially crafted request, an attacker can cause a buffer overflow, leading to remote code execution.
The vulnerability allows an attacker to include and execute arbitrary files from remote servers by exploiting the 'newsadmin.php' script. By manipulating the 'action' parameter in the URL, an attacker can specify the file to be included and executed. In this case, the exploit uses the 'shell' file as the payload.
The Vulnerability lies in the serve_argumentx function. The Argumentx command parameter is used to append data to a previously supplied Argument command. These data pointers are stored in the argument_vector array. The serve_argumentx fails to check whether an Argument command is present in the argument_vector and may append data to a pointer that should not get touched at all, in our case the *error_prog_name string. The function calls realloc to create space for the new string. Because realloc will be called to store strlen(error_prog_name) + strlen(somedata) the original chunk which just stores error_prog_name will get freed. This free chunk will once again get freed after we disconnect from the CVS pserver.
This exploit allows an attacker to include a remote file in the NagiosQL application. By manipulating the 'prepend_adm.php' file, the attacker can execute arbitrary code or gain unauthorized access to the system. The vulnerability was discovered by ThE TiGeR.
An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.
RealPlayer is prone to a memory-corruption vulnerability. An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.
Attackers can exploit this issue to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.
An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition.
The PHP Advanced Transfer Manager (phpatm) is vulnerable to an injection attack. This can be exploited by sending a specially crafted request to the 'index.php' file with the 'action' parameter set to 'downloadfile' and the 'directory' parameter set to '../'. This allows an attacker to download arbitrary files from the server.
The ID Automation Linear Barcode ActiveX Control (IDAutomationLinear6.dll) v. 1.6.0.5 is vulnerable to a Denial of Service (DoS) attack. By sending a specially crafted input, an attacker can cause the ActiveX control to crash, resulting in a denial of service condition. This vulnerability can be exploited remotely without authentication.
Services By CQR