Adobe RoboHelp 9 is vulnerable to DOM Cross Site Scripting (XSS) attacks. This vulnerability is due to insufficient input validation of user-supplied data. An attacker can exploit this vulnerability by enticing an unsuspecting user to click on a malicious link. This can result in the execution of arbitrary HTML and script code in the context of the affected user’s browser.
This module exploits an use after free vulnerability in Mozilla Firefox 3.6.16. An OBJECT Element mChannel can be freed via the OnChannelRedirect method of the nsIChannelEventSink Interface. mChannel becomes a dangling pointer and can be reused when setting the OBJECTs data attribute. (Discovered by regenrecht). This module uses heapspray with a minimal ROP chain to bypass DEP on Windows XP SP3.
This exploit allows a remote attacker to execute arbitrary code on a vulnerable system. It is a port of an exploit originally written for HP-UX to Linux. It takes advantage of a vulnerability in the Data Protector software, which is used to manage backups on HP systems. The vulnerability is caused by a buffer overflow in the Data Protector service, which can be triggered by sending a specially crafted packet to the service. The exploit then sends a shellcode to the vulnerable system, which is then executed with root privileges.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can be done by appending the malicious SQL statement to the searchId parameter in the HTTP request. This will allow the attacker to gain access to the database and execute arbitrary SQL queries.
iPhone/iPad Phone Drive 1.1.1 is vulnerable to a directory traversal attack which allows an attacker to read arbitrary files from the server. This vulnerability is due to insufficient sanitization of user-supplied input to the 'url' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable server. Successful exploitation will allow the attacker to read arbitrary files from the server.
An attacker can upload a malicious file with a .gif extension and a malicious code inside it, and then rename it to a .php.gif extension. This will allow the attacker to execute arbitrary code on the server.
This PoC exploits a buffer overrun vulnerability in Microsoft Excel when parsing SLYK format files. The PoC creates a malicious SLYK file with 550 lines of 'P;PAAAA' followed by a single 'P' character. When opened in Excel, the buffer overrun occurs, potentially allowing arbitrary code execution.
A buffer overflow vulnerability exists in Acoustica Mixcraft v1.00 Build 10. An attacker can exploit this vulnerability by creating a specially crafted .mxc file and sending it to the victim. When the victim opens the file, the attacker can execute arbitrary code on the victim's system.
BlogPHP v2 is vulnerable to Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the Username field of the register.html page. When a user visits the members.html page, the malicious code will be executed in the user's browser. This can be used to redirect the user to a malicious website or to exploit the user's browser.
When the administrator delete a user account, an attacker can enter a XSS script in the Nickname field. Though the nickname length is 20 in signin step, the variable length is 40 in DB schema. So an attacker can enter a nickname with length 40. An attacker can also modify the nickname field by local web proxy when submitting user information. When the administrator access the member management page or the member information page, an attacker can enter a XSS script in the Homepage & Blog field.
Services By CQR