Local File Inclusion vulnerability in admin/index.php in TinyWebGallery 1.7.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include local files via the lang parameter, which leads to execute arbitrary PHP code by injecting data into the log files.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing MiniShare. The vulnerability is caused due to a boundary error within MiniShare when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. An agent is installed if successful. This vulnerability can be exploited remotely by sending a very long TFTP Error Packet in service or standalone version.
This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. and installs an agent if successful. This vulnerability can be exploited remotely by sending a very long TFTP Error Packet in service or standalone version.
Subscribe to Impact