The login script fails to validate user input, allowing for SQL injection attacks.
This exploit allows an attacker to create a specially crafted file that triggers a buffer overflow in DVD Photo Slideshow Professional version 8.07. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system.
The exploit script creates a new file named 'key.txt' and copies its content. Then, when the program is started, the content of 'key.txt' is pasted into the 'Registration Key' field, causing a buffer overflow and allowing the exploit to run successfully.
The Hot or Not Clone script by Jnshosts.com allows unauthorized access to the admin password by downloading the backup file and viewing it. The password can be found in the backup.sql file. The admin credentials are 'admin' for the username and 'desperad' for the password. The vulnerability also allows for the uploading of a shell. The admin control panel can be accessed at http://www.ratemyscript.com/control/. The uploaded shell can be seen at http://www.ratemyscript.com/banners/tryag.php.
This exploit demonstrates a stack overflow vulnerability in Torrent iPod Video Converter version 1.51. By providing a specially crafted input in the 'Code:' textbox, an attacker can cause the application to crash and open the calculator.
This module exploits a command injection in the MAIL FROM field during SMTP interaction with OpenSMTPD to execute code as the root user.
D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi.
Various Ricoh printer drivers allow escalation of privileges on Windows systems. For vulnerable drivers, a low-privileged user can read/write files within the RICOH_DRV directory and its subdirectories. PrintIsolationHost.exe, a Windows process running as NT AUTHORITY\SYSTEM, loads driver-specific DLLs during the installation of a printer. A user can elevate to SYSTEM by writing a malicious DLL to the vulnerable driver directory and adding a new printer with a vulnerable driver. This module leverages the prnmngr.vbs script to add and delete printers. Multiple runs of this module may be required, because successful exploitation is time-sensitive.
There is a vulnerability in the sctp_load_addresses_from_init function of usrsctp that can lead to a number of out-of-bounds reads. The input to sctp_load_addresses_from_init is verified by calling sctp_arethere_unrecognized_parameters; however, the two functions handle parameter bounds differently. The function sctp_arethere_unrecognized_parameters does not process a parameter that is partially outside the limit of the chunk, whereas sctp_load_addresses_from_init continues processing until it reaches a parameter that is entirely outside the chunk. This means that the last parameter of a chunk is not always verified, so parameters with very short plen values can be processed by sctp_load_addresses_from_init. This can lead to out-of-bounds reads whenever the plen is subtracted from the header len.
The Wedding Slideshow Studio version 1.36 is vulnerable to a buffer overflow in the 'Key' field. By providing a specially crafted input, an attacker can overwrite the program's execution flow and potentially execute arbitrary code.