xRadio is affected by a stack-based buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successful exploitation of the vulnerability allows an attacker to execute arbitrary code. Other versions are also affected but have a different trigger.
This is a remote proof-of-concept (PoC) exploit for the vulnerability CVE-2010-4435. It is tested against Solaris, AIX, and HP-UX. The exploit allows an attacker to send a CMSD_UNKN request to the server.
This exploit targets a buffer overflow vulnerability in AOL Desktop 9.6. By sending a specially crafted HTTP request, an attacker can overwrite the EIP register and execute arbitrary code. The exploit has been tested on Windows XP Professional SP3.
This is a local root exploit for Android 1.x/2.x. It copies files from sdcard to /sqlite_stmt_journals/exploid and runs them. It can also use /data/local/tmp if available. The exploit invokes hotplug by clicking Settings->Wireless->{Airplane,WiFi etc} or using USB keys. This exploit requires /etc/firmware directory and will only run on real devices, not inside the emulator.
The vulnerability exists due to failure in the "/templates/default/index.php" script, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.
This exploit allows an attacker to execute remote SQL injection in PMB Services version 3.4.3 or below. PMB Services is a free Integrated Library management System. The vulnerability can be exploited by an attacker to gain unauthorized access to the database and potentially retrieve or modify sensitive information.
This exploit allows an attacker to execute arbitrary shell commands on the target server by exploiting a vulnerability in the WebAlbum <= 2.02pl software. The vulnerability occurs due to the lack of sanitization of user input in the 'skin2' cookie parameter. By injecting malicious shell commands into the cookie, an attacker can execute arbitrary commands on the target server. This exploit works when the 'magic_quotes_gpc' setting is turned off. The exploit requires the attacker to have knowledge of the target server's IP/hostname, the path to the WebAlbum installation, and a shell command to execute. Various options are available for specifying a different port or using a proxy.
Buffer overflow vulnerability in WM Downloader 3.1.2.2 allows remote attackers to execute arbitrary code via a long string in an .m3u file, triggering a stack-based buffer overflow, and bypassing DEP protections.
EasyMail ActiveX Control (emsmtp.dll) that included into Oracle Document Capture distrib can be used to read any file in the target system. Vulnerable method is "ImportBodyText()".
This exploit allows an attacker to execute arbitrary commands on a target server running XHP CMS version 0.5 or lower. The attacker can upload a PHP file using the FileManager plugin and then execute commands through it. The vulnerability exists in the FileManager plugin's manager.php and standalonemanager.php files.
Services By CQR