The Papoo CMS allows authenticated users to upload GIF, JPG and PNG images if they have the "upload images" privilege, which is true for all default groups that can access the administrative interface. The CMS checks the uploaded images only for their header, but not for the file extension. It is therefore possible to upload images with the file extension ".php" and a valid image header. By embedding PHP code into the image (e.g. by using the GIF comments field), arbitrary code can be executed when requesting the image.
The SUMUS server contains a remotely exploitable buffer overflow in the httpd portion of its server code. The overflow occurs in a while() byte-by-byte write loop, and the integers used in the loop get overwritten before reaching the eip/return address.
This exploit allows an attacker to cause a Denial of Service (DoS) on the MyServer 0.4.3 application. By sending a specially crafted request, the server will become unresponsive and stop serving legitimate requests.
This exploit targets a vulnerability in the com_pms component of Joomla versions <= 1.0.15. The vulnerability allows an attacker to perform SQL injection attacks. The exploit requires a valid account on the target Joomla site with Community Builder Suite 1.1.0 installed. The attacker needs to copy the cookie information of a logged-in user and modify the User-Agent header of the POST request to match the browser used to log in. The exploit can be executed by running the provided script. If successful, the attacker can access the ignore list of the target site and view usernames and passwords.
This is a proof-of-concept exploit for MS05-016 vulnerability. The exploit is designed to create a .hta file which, when executed, runs a command to open Notepad.exe and then closes the window. It uses a specific pattern of characters to create a file named SAVE.DDD. The exploit code is written in C language.
BitComet 0.57 discloses proxy passwords to local users.
This exploit targets the jetAudio software version 7.1.9.4030 plus vx. It utilizes a RET - Universal method to trigger a local stack overflow vulnerability. The exploit has been tested on Windows XP SP3 En. The exploit was written by corelanc0d3r and can be found at http://www.milw0rm.com/exploits/9359. The payload is prepared by creating a malicious .m3u file named 'c0d3rsploit.m3u'. The exploit includes a shellcode that executes a calc command.
The exploit causes Tuniac v.090517c to crash when opening a specially crafted .M3U file. It is not confirmed if code execution is possible with this exploit.
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.
DeluxeFtp 6.x discloses passwords to local users.
Services By CQR