The 'skill_delete' parameter in the '/www/people/editprofile.php' script is not properly sanitized, allowing an attacker to execute arbitrary SQL queries and potentially disclose usernames and passwords stored in the backend databases.
NAT32 listens on Port 8080 for its Web interface. If the 'Password Checking' feature is not enabled, remote attackers can potentially execute arbitrary commands. If the 'Password Checking' feature is enabled, remote attackers can potentially issue arbitrary commands exploiting a Cross Site Scripting vulnerability. NAT32 also implements BASIC authentication which pass BASE64 Encoded credentials that can be easily revealed if sniffed on the network.
The VBWinExec function in NodeAspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument.
This is a remote Denial of Service (DoS) exploit for JetCast Server 2.0.0.4308. The exploit triggers an access violation, causing the server to crash and become unresponsive.
Unauthenticated remote attackers that can connect to the "CloudMe Sync" client application listening on port 8888, can send a malicious payload causing a Buffer Overflow condition. This will result in an attacker controlling the programs execution flow and allowing arbitrary code execution on the victims PC.
This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object then loaded with LD_AUDIT resulting in arbitrary code execution. This module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.
This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables which allows control over the $ORIGIN library search path resulting in execution of arbitrary shared objects. This module opens a file descriptor to the specified suid executable via a hard link, then replaces the hard link with a shared object before instructing the linker to execute the file descriptor, resulting in arbitrary code execution. The specified setuid binary must be readable and located on the same file system partition as the specified writable directory. This module has been tested successfully on glibc version 2.5 on CentOS 5.4 (x86_64), 2.5 on CentOS 5.5 (x86_64) and 2.12 on Fedora 13 (i386). RHEL 5 is reportedly affected, but untested. Some versions of ld.so, such as the version shipped with Ubuntu 14, hit a failed assertion in dl_open_worker causing exploitation to fail.
The weakness is caused due to the 'j_spring_security_check' script and how it verifies provided credentials. An attacker can use this weakness to enumerate valid users on the affected node.
The vulnerability allows an attacker to inject SQL commands.
This exploit allows an attacker to include a remote file by manipulating the $mosConfig_live_site variable in the com_joomlaradiov5/admin.joomlaradiov5.php file. An example URL is provided in the text.
Services By CQR