Local File Inclusion vulnerability in admin/index.php in TinyWebGallery 1.7.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include local files via the lang parameter, which leads to execute arbitrary PHP code by injecting data into the log files.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing MiniShare. The vulnerability is caused due to a boundary error within MiniShare when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. An agent is installed if successful. This vulnerability can be exploited remotely by sending a very long TFTP Error Packet in service or standalone version.
This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. and installs an agent if successful. This vulnerability can be exploited remotely by sending a very long TFTP Error Packet in service or standalone version.
A vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.
Subscribe to Windows