Explore Vulnerabilities

Explore all Exploits:

WordPress CevherShare 2.0 plugin SQL Injection Vulnerability

The WordPress CevherShare 2.0 plugin is vulnerable to SQL injection due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'cevhershare-admin.php' script. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the underlying database, allowing for the manipulation or disclosure of arbitrary data.

Freefloat FTP Server DEP Bypass

This exploit targets a buffer overflow vulnerability in the Freefloat FTP Server. It allows an attacker to bypass Data Execution Prevention (DEP) by sending a specially crafted MKD command with a long string of data. This causes a stack-based buffer overflow, which allows the attacker to execute arbitrary code.

Cogent Datahub <= v7.1.1.63 Remote Unicode Buffer Overflow Exploit

This exploit targets a remote buffer overflow vulnerability in Cogent Datahub <= v7.1.1.63. The vulnerability was discovered by Luigi Auriemma and exploited by Steven Seeley. The exploit sends oversized data to the vulnerable application, which allows the attacker to gain remote code execution on the target system. The exploit was tested on Windows Server 2003 and Windows XP SP3.

JAKCMS PRO <= 2.2.5 Remote Arbitrary File Upload Exploit

The authentication scheme can be bypassed because an attacker may be able to start a session by accessing /index.php, which sets, for example, the 'jak_lastURL' session variable; in this way $SESSION['check_session_variable'] can be set to bypass the check at line 125. Successful exploitation gives attackers access to plugin functionality (see /js/editor/plugins/jakadminexplorer/php/action.php), so an attacker could 'delete', 'create' or 'rename' any folder or file on the web server, or upload arbitrary files. The same vulnerability also affects the jakadminimage, jakusrexplorer and jakusrimage plugins.

eSignal and eSignal Pro <= 10.6.2425.1208 file parsing buffer overflow in QUO

The software is unable to handle "<StyleTemplate>" files (even those originally included with the program), such as those with the registered extensions QUO, SUM and POR. Successful exploitation of this vulnerability may take up to several seconds due to the use of an egghunter. Also, DEP bypass is unlikely due to the limited space for the payload.

EViews Memory Corruption and Heap Overflow Vulnerabilities

EViews is software for econometric and statistical analysis. The program uses a particular function for allocating memory for the arrays used in WF1 files. In short, if the reallocation fails, it is possible to write a memory pointer and a NULL in the expected last two positions of the "supposedly" reallocated array, making it possible to corrupt memory zones almost arbitrarily. The vulnerability is exploitable only if the value is greater than 0x32 and the attacker can control it. The same function used for the memory corruption can be used to trigger a heap overflow if the value is greater than 0x32 and smaller than 0xfffffffc. In this case the attacker can overwrite the heap with a controlled value.

ScriptFTP <=3.3 Remote Buffer Overflow (LIST)

A buffer overflow vulnerability exists in ScriptFTP 3.3 which allows an attacker to execute arbitrary code on the target system. The vulnerability is triggered when a maliciously crafted LIST command is sent to the FTP server.

Recent Exploits: