The exploit script creates a file with a large payload and then attempts to open it in the TransMac software. This causes the software to crash, resulting in a denial of service.
On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Multiple remote file inclusion (RFI) and local file inclusion (LFI) vulnerabilities in PHP Project Management version 0.8.10 and earlier allow remote attackers to execute arbitrary code or read arbitrary files via a full_path parameter in various modules.
On the RICOH Aficio MP 305+ printer and other affected models, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
This exploit targets Vanilla versions 1.1.3, 1.1.2, and 1.0.1. It takes advantage of a vulnerability in the /ajax/sortcategories.php and /ajax/sortroles.php scripts, which are used for sorting categories and roles. These scripts do not properly sanitize user input data, allowing for SQL injection attacks. By injecting SQL code into the UPDATE query, an attacker can execute arbitrary SQL commands on the target server. The exploit requires MySQL version 4.1 or higher and magic_quotes_gpc to be turned off.
This module exploits a directory traversal vulnerability in the 'dtappgather' executable included with Common Desktop Environment (CDE) on unpatched Solaris systems prior to Solaris 10u11, which allows users to gain root privileges. dtappgather allows users to create a user-owned directory at any location on the filesystem using the 'DTUSERSESSION' environment variable. This module creates a directory in '/usr/lib/locale', writes a shared object to the directory, and runs the specified SUID binary with the shared object loaded using the 'LC_TIME' environment variable.
On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
This exploit takes advantage of two SQL injection flaws in SMF 1.1.3. It works with both magic_quotes_gpc=On and Off. The exploit bypasses SMF's SQL Injection filter. The author has submitted a patch for these flaws.
On the MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.