
Explore Vulnerabilities


Explore all Exploits:

Vanilla <= 1.1.3 Remote Blind SQL Injection Exploit

This exploit targets Vanilla versions 1.1.3, 1.1.2, and 1.0.1. It takes advantage of a vulnerability in the /ajax/sortcategories.php and /ajax/sortroles.php scripts, which are used for sorting categories and roles. These scripts do not properly sanitize user input data, allowing for SQL injection attacks. By injecting SQL code into the UPDATE query, an attacker can execute arbitrary SQL commands on the target server. The exploit requires MySQL version 4.1 or higher and magic_quotes_gpc to be turned off.

Solaris ‘EXTREMEPARR’ dtappgather Privilege Escalation

This module exploits a directory traversal vulnerability in the 'dtappgather' executable included with Common Desktop Environment (CDE) on unpatched Solaris systems prior to Solaris 10u11, which allows users to gain root privileges. dtappgather allows users to create a user-owned directory at any location on the filesystem using the 'DTUSERSESSION' environment variable. This module creates a directory in '/usr/lib/locale', writes a shared object to the directory, and runs the specified SUID binary with the shared object loaded using the 'LC_TIME' environment variable.

SoftX FTP Client 3.3 – Denial of Service (PoC)

The SoftX FTP Client 3.3 is vulnerable to a Denial of Service (DoS) attack. By providing a specially crafted payload to the application, an attacker can cause the program to crash, resulting in a denial of service condition. The vulnerability exists due to a lack of proper input validation.

Termite 3.4 – Denial of Service (PoC)

This exploit creates a file with a large payload, causing a denial of service in Termite 3.4. By running a Python script, a new file called "boom.txt" is created with a payload of 2000 bytes. When this content is copied and pasted into the "User interface language" field in Termite 3.4, it triggers a denial of service.

Recent Exploits: