Explore Vulnerabilities

Explore all Exploits:

SpamTitan v5.08 – Multiple Web Vulnerabilities

The vulnerability allows remote attackers or local low-privileged user accounts to manipulate specific application requests or content. Successful exploitation of the vulnerability can result in session hijacking, persistent phishing attacks, persistent external redirects to malicious sources and persistent manipulation of affected or connected module context.

Barracuda Control Center 620 – Multiple Web Vulnerabilities

Multiple persistent and non-persistent input validation vulnerabilities were detected in the Barracuda Control Center 620. A local low-privileged user account can inject malicious persistent script code. When exploited by an authenticated user, the identified vulnerabilities can lead to information disclosure, access to servers available on the intranet, and manipulated persistent content. Attackers can form malicious client-side requests to hijack customer/admin sessions. Successful exploitation requires user interaction and can lead to information disclosure, session hijacking and access to servers in the intranet.

IrfanView TIFF Image Processing Buffer Overflow Vulnerability

The vulnerability is caused by an error when processing TIFF images with certain 'Rows Per Strip' and 'Samples Per Pixel' values, which can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted TIFF image file.

DotA OpenStats SQL Injection Vulnerability

An attacker can exploit a SQL injection vulnerability in DotA OpenStats version 1.3.9 and below to gain unauthorized access to the application. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can send a malicious HTTP request containing a specially crafted SQL statement to the vulnerable script and execute arbitrary code in the application's database.

appRain CMF v0.1.5 – Multiple Web Vulnerabilities

A SQL injection vulnerability was detected in appRain CMF v0.1.5. The bug allows a remote attacker to inject and execute their own SQL statements through the vulnerable parameter request. Successful exploitation of the bug can lead to DBMS and CMS compromise. A non-persistent cross-site scripting vulnerability was also detected in appRain CMF v0.1.5. The vulnerability allows remote attackers to hijack Skype customer sessions via cross-site scripting. Successful exploitation of the client-side vulnerability can result in session hijacking and account theft (user/customer/moderator/administrator).

Recent Exploits: