The TFTPUtil GUI server version 1.4.5 can be DoSed by sending a specially crafted read request. Depending on the setup, sending the write request "\x00\x02" may also work. Discovered by musashi42.
The vulnerability exists due to the failure of the "/index.php" script to properly sanitize user-supplied input in the search variable. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
This is a proof-of-concept exploit for the revilloC mail server that targets XP SP1. It takes advantage of a buffer overflow vulnerability in the USER command to cause an access violation. The exploit code is written in Perl and uses shellcode to execute arbitrary code on the target system.
This vulnerability allows for remote code execution in j-integra v2.11. The object classid 'clsid:F21507A7-530F-4A89-8FE4-9D989670FD2C' is not marked safe for scripting, allowing an attacker to execute arbitrary code. The exploit has been tested on XP SP3 with IE7. The impact is considered low due to the object not being marked safe for scripting. The vulnerability was silently patched by the developers in v2.12.
This exploit targets FoxPlayer version 2.4.0 by sending a specially crafted .m3u file. It causes the application to crash due to a buffer overflow vulnerability.
This module exploits an arbitrary PHP code execution flaw in Limbo version 1.*. All unpatched Limbo 1.x versions are affected.
This exploit targets a buffer overflow vulnerability in OTSTurntables version 1.00.028. The vulnerability can be exploited locally by using a specially crafted m3u or ofl file. By exploiting this vulnerability, an attacker can gain control of the affected system and execute arbitrary code.
The KmxSbx.sys kernel driver in CA Internet Security Suite 2010 contains a pool corruption vulnerability in the handling of IOCTL 0x88000080. This allows an attacker with local access to execute arbitrary code within the kernel.
This is a compiling tool for Enet that is vulnerable to a buffer overflow attack. The vulnerability lies in the 'putint' function, where an attacker can supply a large input value that exceeds the buffer size and overwrites adjacent memory. This can lead to remote code execution or a denial of service.
The Xion Audio Player version 1.0.127 is vulnerable to a buffer overflow when parsing m3u files. This vulnerability can be exploited by an attacker to execute arbitrary code on the target system. The exploit code provided in the script triggers the buffer overflow and executes a bind shell payload on port 4444.