The vulnerability is a double free. It occurs when multiple buffers are allocated to handle a very large Name (N) field in the vCard (.vcf) file. This file can be received by MMS or Bluetooth. Opening the malformed .vcf file produces an error dialog; the buffers are then freed and a crash follows.
A user can execute arbitrary JavaScript code within the vulnerable application. The vulnerability exists because the "snews.php" script fails to properly sanitize user-supplied input in the "website_title" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.
This exploit is for Winamp version 5.5.8.2985 with the in_mod plugin. It exploits a stack overflow vulnerability in the software. The exploit allows an attacker to execute arbitrary code on a Windows XP SP3 system that is fully patched but does not have ASLR or DEP bypass. The bug was found by a user on the website exploit-db.com and the proof of concept (POC) was created by fdisk. The exploit itself was developed by Mighty-D. The exploit is able to bypass certain security measures and gain control of the system.
This exploit allows an attacker to change the admin password in the Travel PORTAL web application using a CSRF vulnerability. The attacker can craft a malicious HTML page that automatically submits a form to change the password without the knowledge or consent of the admin. The vulnerability exists in the /admin directory of the application.
This exploit allows an attacker to upload arbitrary files to the Geeklog website using the vulnerable FCKeditor component. By uploading a file with malicious content, an attacker can gain unauthorized access or execute remote code on the server.
An unauthenticated remote attacker without any kind of credentials can access the SMB service under the credentials of an authorized user. Depending on the privileges of the authorized user, and the configuration of the remote system, an attacker can gain read/write access to the remote file system and execute arbitrary code by using DCE/RPC over SMB.
Decrypt data using Vaudenay's CBC padding oracle side channel. Encrypt data using the Rizzo-Duong CBC-R technique.
The ConvexSoft DJ Audio Mixer software is vulnerable to a Denial of Service attack. By sending a specially crafted request, an attacker can cause the software to crash, resulting in a denial of service condition.
The DATAC RealWin SCADA server package for medium/small applications is vulnerable to two stack overflow vulnerabilities. The first vulnerability occurs in the SCPC_INITIALIZE and SCPC_INITIALIZE_RF functions, where a stack-based buffer overflow is caused by the usage of sprintf(). The second vulnerability occurs in the SCPC_TXTEVENT function, where a stack-based overflow is caused by the usage of strcpy() with data supplied by the attacker.
This exploit creates a file with the name 'killer.m3u' containing a large amount of junk data. This can lead to a denial of service attack on the Karaoki software.