Explore Vulnerabilities

Explore all Exploits:

Online Subtitles Workshop XSS vulnerabilities

A Cross-Site Scripting (XSS) vulnerability exists in Online Subtitles Workshop due to improper validation of user-supplied input in the 'video_comments.php' script. An attacker can inject malicious HTML or JavaScript code into the 'message' parameter of the 'video_comments.php' script, which will be executed in the browser of any user who views the comments page.

YJ Contact us – Enhanced Joomla Contact Form <= Local File Inclusion Vulnerability

YJ Contact us - Enhanced Joomla Contact Form is vulnerable to a Local File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to read arbitrary files from the server.

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection

This module exploits a vulnerability in lib/functions.php in which attacker-supplied input is passed directly to the PHP create_function() function. A patch was issued that uses a whitelist regular expression to check the user-supplied input before it is passed to the create_function() call.

BlueZone Desktop Malformed .zmd file Local Denial of Service

A vulnerability in BlueZone Desktop allows a local attacker to cause a denial of service by creating a specially crafted .zmd file. The vulnerability is due to an error when handling a specially crafted .zmd file. An attacker can exploit this vulnerability by creating a specially crafted .zmd file and convincing a user to open it with bzmd.exe. Successful exploitation will cause the application to crash.

BlueZone Desktop Malformed .zft file Local Denial of Service

A denial of service vulnerability exists in BlueZone Secure FTP v5.2C1 Build 1469 due to a malformed .zft file. By creating a file with a specific header and a large amount of junk data, an attacker can cause the program to crash.

zFTP Server “cwd” Remote Denial-of-Service

This exploit is a proof-of-concept for a remote denial-of-service vulnerability in zFTP Server version 2011-04-13 08:59. The vulnerability is triggered by sending a specially crafted CWD command with a long string of asterisks as a parameter. This causes the server to crash.

MS11-077 Win32k Null Pointer De-reference Vulnerability POC

The vulnerability is caused by a NULL pointer dereference in the Windows kernel when handling certain messages sent to a window. An attacker can exploit this vulnerability by sending a specially crafted message to a window, resulting in a denial of service (BSOD).

Recent Exploits: