This exploit is a proof of concept for a local crash in XMPlay. It creates a .pls file with a large number of 'pwned' characters, which causes a stack overflow when the file is opened in XMPlay.
The vulnerability allows an attacker to bypass authentication of the Star Vision DVR IP Camera. The attacker can open the Chrome browser, enter the IP address or domain to see the login screen of the camera, press the F12 key to open the browser console, click the Console tab and enter the code 'login_set(1,1,1,1);'. Then, the attacker can go to page view2.html and access the camera.
A buffer overflow vulnerability exists in the NetKit FTP client in Ubuntu 14.04. An attacker can exploit this vulnerability by sending a specially crafted FTP command containing an overly long string to the FTP server. This will cause the application to crash, resulting in a denial of service condition.
This exploit is used to crash the Ability FTP Server Admin Panel by sending a large number of 'authcode' commands to the server. This exploit was discovered by St0rn in 2015 and affects version 2.1.4 of the Ability FTP Server.
Ability FTP Server is vulnerable to a remote denial of service attack. By sending a specially crafted USER command with an overly long argument, an attacker can cause the server to crash. This vulnerability affects Ability FTP Server version 2.1.4 and prior.
Normal user can inject sql query in the url which lead to read data from the database.
A SEH based overflow vulnerability exists in Microsoft HTML Help Compiler. An attacker can exploit this vulnerability by sending a specially crafted file to the vulnerable application. This can allow the attacker to execute arbitrary code in the context of the application.
This exploit allows an attacker to gain access to the management interface of TOTOLINK routers and execute arbitrary commands on the device. The exploit works on A850R-V1, F1-V2, F2-V1, N150RT-V2, N151RT-V2, N300RH-V2, N300RH-V3, N300RT-V2 until the last firmware. The exploit is triggered by sending a specific string to the router on port 5555.
The vulnerability exists due to insufficient validation of user-supplied input in the 'f' and 'l' parameters of '/plugins/gkplugins_picasaweb/plugins/plugins_player.php' script. A remote attacker can download arbitrary files from the vulnerable server by sending a specially crafted HTTP request.
Authenticated user can execute arbitrary SQL queries via SQL injection in the functionality that allows to publish/unpublish an event.
Services By CQR