The MKPortal NoBoard (BETA) script is vulnerable to remote code execution. An attacker can exploit this vulnerability by sending a specially crafted request to the user.php file, which allows them to execute arbitrary code on the server. This vulnerability was discovered by FiSh.
This exploit targets the MkPortal reviews and gallery modules, versions <= 1.1.1. It allows an attacker to execute arbitrary SQL queries on the vulnerable system. The exploit was discovered and developed by Coloss. This is a priv8 exploit, not suitable for children.
This exploit targets a vulnerability in the symtdi.sys driver of Symantec AntiVirus. By sending specially crafted input to the driver, an attacker can escalate their privileges on the affected system. This vulnerability allows an attacker with limited privileges to execute arbitrary code with kernel-level privileges, potentially gaining full control of the system. This exploit was published on milw0rm.com on July 12, 2007.
This exploit is a remote buffer overflow in Sync Breeze Enterprise v9.5.16. By sending a specially crafted request to the application, an attacker can trigger a buffer overflow condition, potentially allowing them to execute arbitrary code on the target system. This vulnerability has a CVSS severity score of 9.8 (Critical).
The latest Ubuntu Lucid stock kernel (2.6.32-27-generic) contains a bug that allows a lower-privileged user to stay attached to open /proc file entries even after the process has started executing a suid binary. This allows a malicious user to access information from the proc interface or modify process settings of privileged processes. A simple helper program (ProcReadHelper.c) can be used to open a proc entry before executing a suid program and keep it open, which makes it possible to monitor the syscalls, syscall stack, and limits of running suid binaries. The same technique applied to writable proc files can also modify the core dump flags of running suid binaries.
The DebugMsgLog method in sasatl.dll is prone to a stack-based buffer-overflow vulnerability because it fails to properly check boundaries. An attacker could execute arbitrary code on the remote machine.
An integer overflow was found in apache2-mpm-worker 2.2.19 in the function ap_pregsub, which is called from mod_setenvif. When a header field is mangled using SetEnvIf, the new environment variable data can be multiples of the size of the submitted header field. This leads to a buffer overflow when filling the buffer with user-supplied data. The issue affects all versions from 2.0.x to 2.0.64 and 2.2.x to 2.2.21.
On Ubuntu Wily, it is possible to place a USERNS overlayfs mount over a fuse mount. The fuse filesystem may contain SUID binaries, but those cannot be used to gain privileges because of the nosuid mount options. However, touching such a SUID binary via the overlayfs mount triggers copy_up including all file attributes, thus creating a real SUID binary on the disk.
The SaveToFile method in PGPBBox.dll in the SecureBlackbox software package from the Eldos Company allows remote attackers to write arbitrary data by crafting a malicious HTML page. This vulnerability affects computers using this software.
This exploit targets a vulnerability in the bz2 extension of PHP version 5.2.3. By using the com_print_typeinfo() function, an attacker can trigger a remote denial of service (DoS) attack. The vulnerability was discovered by shinnai and can be exploited on Windows XP SP2, both from the command line interface (CLI) and on the Apache web server.