Facil-CMS 0.1RC2 has multiple vulnerabilities, including PHPinfo disclosure, authentication bypass, and SQL injection in the News module.
This exploit is for Chasys Media Player version 1.1. It takes advantage of a stack overflow vulnerability in the program's handling of .pls files. By creating a specially crafted .pls file, an attacker can execute arbitrary code on the target system. The exploit includes a shellcode payload that launches a bind shell on port 666.
A reliable buffer overflow exists in the way CDex processes Ogg Vorbis Info headers. The exploit creates an evil.ogg file which, when played in CDex, triggers the buffer overflow.
This exploit is shellcode that executes a command prompt on Windows NT/2000/XP systems. It binds to port 28876 and allows remote command execution.
This exploit allows an attacker to execute arbitrary code remotely on a vulnerable system. It takes advantage of a buffer overflow vulnerability in the send_command function. By sending a specially crafted command and arguments, an attacker can overwrite the SEH handler and redirect program execution to their shellcode.
The "synacast://", "Play://", "pplsv://" and "ppvod://" URI handlers in PPLive <= 1.9.21 do not verify certain parts of the URI before evaluating command line parameters. This can be exploited against Internet Explorer, for example to load a DLL from a remote UNC path via the "/LoadModule" parameter.
The JDKChat v1.5 server is vulnerable to a remote integer overflow. By sending a specially crafted command, an attacker can cause the server to crash or execute arbitrary code.
The vulnerability exists in the search_member page of the PhpMySport script and allows attackers to carry out SQL injection and cross-site scripting (XSS) attacks. Through SQL injection, an attacker can manipulate the search_member form to retrieve sensitive information such as encrypted passwords, names, emails, and other user details. The script is also vulnerable to XSS on various pages, including the competition and member_list pages, where an attacker can inject malicious JavaScript code.
This vulnerability is a SEH overflow in the popular Foxit Reader. The latest build (1506) is not affected, but previous builds are. SafeSEH is a bitch in this one, but nothing is impossible :).
The vulnerability is caused by an input validation error when handling FTP "DELE" requests. This can be exploited to escape the FTP root and delete arbitrary files on the system via directory traversal attacks using the ".." character sequence.