This exploit targets eZ versions 3.3 to 3.5. It exploits a vulnerability in the Cryptso.dll file, which contains a 'static' jmp esp instruction. The exploit jumps to esp and then jumps backward to reach the shellcode. The shellcode provides a reverse remote shell. The exploit uses the PEB technique for the universal shellcode.
The MyWeb HTTP server performs insufficient bounds checking when handling GET requests. An attacker can exploit this to corrupt sensitive data and potentially execute arbitrary code, leading to denial of service.
Audins Audiens is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, allow an attacker to steal authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The application fails to sufficiently sanitize user-supplied input, leading to SQL-injection issues and a cross-site scripting issue. Exploiting these vulnerabilities could result in stealing authentication credentials, compromising the application, retrieving and overwriting sensitive information, accessing or modifying data, or exploiting latent vulnerabilities in the database implementation.
IntranetApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
IntranetApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
SiteEnable is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
This module exploits a buffer overflow in Gold MP4 Player 3.3. When a specially crafted Flash URL is loaded in the application via File -> Open Flash URL, a buffer overflow occurs, allowing arbitrary code execution.
This exploit allows an attacker to perform a blind SQL injection attack on the Xoops Module Friendfinder version 3.3 or below. By manipulating the 'id' parameter in the 'view.php' file, an attacker can extract sensitive information from the database, such as usernames and passwords.