This exploit takes advantage of a buffer overflow vulnerability in MP3 CD Converter Professional. It allows an attacker to execute arbitrary code on the target system.
This exploit allows an attacker to perform SQL injection in the Virtual Store Open <= 3.0 software.
This vulnerability allows an attacker to inject SQL queries into the login form, potentially gaining unauthorized access to the system. The vulnerability was discovered by DeadLy DeMon.
AYDrvNT.sys create a device called 'AYDrvNT_ALYAC' and handles the device io control code = 0x223e2c, which can overwrite the system service descriptor table entry with arbitrary address.
This exploit is for a buffer overflow vulnerability in Altarsoft Audio Converter version 1.1. It allows an attacker to execute arbitrary code by sending a specially crafted file. The vulnerability is triggered when the program tries to handle a long file name.
The Ruby HTTP server is vulnerable to HTTP response splitting attacks. This vulnerability allows an attacker to manipulate the HTTP response headers and inject malicious content. This can lead to various attacks, such as cross-site scripting (XSS) and cache poisoning.
Google Urchin is vulnerable to a Local File Include (LFI) vulnerability that allows arbitrary reading of files. The vulnerability is caused by improper filtering of included files, which are stored under $INSTALL_PATH. By modifying the 'gfid' parameter in a GET request, an attacker can read any file on the host.
This exploit targets PowerShell XP version 3.0.1 on Windows XP SP3 English. It requires an input file, an output file, and a payload encoded with alpha2 and EAX based encoding. The exploit constructs alignment code and padding, and then constructs the payload.
Apache Archiva affects from Cross-site Request Forgery. Application don't check which form sends credentials. Technically, attacker can create a specially crafted page and force archiva administrators to view it and change their credentials. For prevention from CSRF vulnerabilities, application needs anti-csrf token, captcha and asking old password for action like change password. Vulnerability patched by the Apache Archiva Team.
There are multiple unpatched CSRF vulnerabilities in the administration interfaces for various Linksys routers. Exploits are available that allow remote administration of the router and changing the password to '__pwn3d__'. The victim does not necessarily need to be authenticated since the default passwords for all routers are known to be 'admin'. Most browsers provide some degree of protection against these attacks.
Services By CQR