Microsoft Windows Media Player is prone to a denial-of-service vulnerability when processing a malformed AU file. A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain HTML code. This issue is triggered when a remote attacker entices a victim user to visit a malicious website. Attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.
An attacker can exploit this issue to reconfigure Tor and significantly weaken the anonymity provided by the software. An attacker can inject malicious code into the Tor ControlPort to rewrite the torrc file, enabling debug logging and an erroneous ExitPolicy. This will allow the attacker to run a malicious program on the next boot.
This exploit causes a denial of service in Internet Explorer when a maliciously crafted Shockwave file is opened. The vulnerability is caused due to a boundary error in the handling of Shockwave files. This can be exploited to cause a stack-based buffer overflow by passing an overly long argument to the swURL property of the Shockwave ActiveX control.
PhpHostBot is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers. Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers. An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.
This exploit allows an attacker to execute arbitrary code on a vulnerable WebText 0.4.5.2 installation. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'go' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an executable PHP code in the 'go' parameter.
A remote SQL injection vulnerability exists in Acronym Mod v0.9.5. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
This module exploits a heap based memory corruption in Lighttpd <= 1.4.15. This vulnerability is caused due to danling pointer dereference while handling folded http headers.
Trillian is prone to remote command- and code-execution vulnerabilities because the application fails to properly handle user-supplied input via a registered URI. Successfully exploiting these issues allows attackers to execute arbitrary commands or code in the context of the affected application.
Services By CQR