FleaHttpd is a http daemon written from scratch in C. When working as a static file server, data show that under certain condition, fleahttpd's speed for static file retrieving can be three times faster than Apache2. This exploit uses a socket connection to send a packet to the server, which causes the server to crash.
The Reflection FTP client, didn't validate the maximum length of a directory when a LIST command is issuing. An overly long directory name can overflow the heap and corrupt memory.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the application. The query will cause the application to wait for a certain amount of time before responding. This can be used to determine if the application is vulnerable to SQL injection.
A null pointer dereference vulnerability exists in Firefox versions <= 8.0 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by crafting a malicious HTML page and convincing the victim to open it. This will cause the application to crash and potentially allow arbitrary code execution.
A Blind SQL Injection vulnerability exists in Pixie CMS versions 1.01 - 1.04. An attacker can send a specially crafted HTTP request with a malicious Referer header to the vulnerable application in order to execute arbitrary SQL commands. If the condition is true, the application will respond with a timeout of ~5 seconds.
The WordPress AdRotate plugin version 3.6.6 is vulnerable to a SQL injection vulnerability due to incorrect usage of the wpdb->prepare() function. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a Base64 encoded payload in the 'track' parameter. This will allow the attacker to execute arbitrary SQL queries on the underlying database.
This module exploits a stack based buffer overflow found in Mini-Stream RM-MP3 Converter v3.1.2.1. The overflow is triggered when an unsuspecting victim opens the malicious PLS file.
Optima is a suite of automation software for controlling PLC via SCADA/HMI interface. APIFTP Server is a file server for working with remote files located on shared folders. NULL pointer exploitable through too long path names. The effect is the displaying of a MessageBox with the error and the continuing of the execution that will lead to a stack exaustion after some seconds and the termination of the server. Endless loop with CPU at 100% caused by incomplete packets.
An attacker could be able to manipulate the "id" parameter in order to inject arbitrary PHP code.
The 'zorder' parameter was not properly sanitized upon submission to the administrator/index2.php url, which allows attacker to conduct SQL Injection attack.
Services By CQR