A vulnerability exists in the way Disk Pulse Server v2.2.34 processes a remote client's "GetServerInfo" request. The vulnerability is caused by a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120.
This exploit targets the AoA Audio Extractor v2.x ActiveX control. It uses a ROP (Return-Oriented Programming) technique to manipulate the stack and execute arbitrary code. The exploit has been tested on a fully patched Windows XP SP3 system with Internet Explorer 8. It may not be reliable on other systems because it uses static addresses from Windows libraries. ASLR (Address Space Layout Randomization) is not enabled on XP SP3. The control is not marked safe for scripting. It was built with love!
This exploit targets the SnackAmp 3.1.3B software and uses a buffer overflow vulnerability to execute arbitrary code. It bypasses both SEH and DEP protections. The exploit payload is shellcode that opens the calculator application on the target system.
The FileApp application version 2.0 and earlier for iPhone, iPod, and iPad is vulnerable to directory traversal. An attacker can exploit this vulnerability to access files outside of the intended directory structure.
PhpMyShopping v1.0.1505 is vulnerable to blind SQL injection and XSS attacks. The blind SQL injection vulnerability can be exploited through the 'detail_article.php' page with the 'C' and 'P' parameters. An attacker can manipulate these parameters to execute arbitrary SQL queries. The XSS vulnerability can also be exploited through the same page with the 'C' and 'P' parameters by injecting malicious JavaScript code.
This version of ASP Shopping Cart has a CSRF vulnerability that allows a file to be uploaded through FCKeditor. Exploiting it requires the admin's cookie and bypassing a specific file extension check implemented by FCKeditor v2.
This exploit takes advantage of a vulnerability in Quick Player 1.3 to execute arbitrary code. The exploit uses a Unicode SEH overwrite technique to hijack the program flow and execute shellcode that opens the calculator. The vulnerable version of Quick Player is 1.3, and the exploit has been tested on Windows XP SP2.
This exploit allows an attacker to perform blind SQL injection against Webspell wCMS-Clanscript version 4.01.02net and earlier. The vulnerability was discovered by Easy Laster and the exploit was coded by Dr.ChAoS. The exploit takes advantage of a static&static blind SQL injection vulnerability in the software.
The PKT_CTRL_CMD_STATUS device ioctl retrieves a pointer to a pktcdvd_device from the global pkt_devs array. The index into this array is provided directly by the user and is a signed integer, so the comparison meant to ensure that it falls within the bounds of this array does not reject a negative index. This allows an attacker to disclose 4 bytes of arbitrary kernel memory per ioctl call by specifying a large negative device index, which causes the kernel to dereference a fake pktcdvd_device structure in userspace and copy data to userspace from an attacker-controlled address.
The vulnerability exists in Microsoft Excel 2002 SP3. An attacker can exploit this vulnerability to corrupt the heap memory, leading to potential remote code execution.