CiscoKits CCNA TFTP Server version 1.0.0.0 is vulnerable to a denial of service attack. Sending a file name of more than 222 characters to the server via the WRITE or READ command will cause the server to crash.
Social Slider is vulnerable to SQL injection due to improper sanitization of user-supplied input in the 'action' and 'rA[]' parameters of the 'ajax.php' script. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database.
A SQL injection vulnerability exists in ProPlayer plugin version 4.7.7 and earlier. The vulnerability is due to the application not properly sanitizing user-supplied input to the 'pp_playlist_id' parameter in the 'playlist-controller.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database.
This module logs in to a GlassFish Server 3.1 (Open Source or Commercial) instance using a default credential, then uploads and executes commands by deploying a malicious WAR. On GlassFish 2.x, 3.0 and Sun Java System Application Server 9.x, this module will instead try to bypass authentication by sending lowercase HTTP verbs.
This exploit allows an attacker to execute arbitrary commands on a vulnerable HP Data Protector system running on HP-UX. The vulnerability is due to a lack of authentication when sending specially crafted packets to the Data Protector service. An attacker can exploit this vulnerability to execute arbitrary commands with root privileges.
WP e-Commerce <= 3.8.4 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the user_login and user_pass of the wp_users table. This vulnerability exists due to improper sanitization of user-supplied input in the 'collected_data' parameter of the 'page_id' parameter of the 'edit_profile' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application.
This script triggers a buffer overflow attack against Unrar, the popular Linux version of the WinRAR extractor. It was not developed to bypass non-executable stack patches.
OpenSLP is vulnerable to a Denial of Service attack due to a buffer overflow in the handling of Service Location Protocol (SLP) messages. An attacker can send a specially crafted SLP message with an overly long extension field, which will cause a buffer overflow and crash the service. This vulnerability affects OpenSLP v1.2.1 and trunk before revision 1647, as well as some other SLP software such as mSLP.
This module exploits a buffer overflow vulnerability found in Freeamp 2.0.7. The overflow occurs when an overly long string is parsed in the FAT file. This module creates a txt file that has to be used in the creation of a FAT file. The FAT file then has to be imported as a theme. To create the FAT file, first decompress the basic theme template with MakeTheme -d freeamp.fat, then create the new FAT file with MakeTheme crash.fat theme.xml title.txt *.bmp.
The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'idNews', 'id', 'ID_Product', 'ID_Category', and 'ID_SubCategory' parameters in the 'newsDetail.asp', 'articledetail.php', 'prodetail.asp', 'subcategory.asp', and 'newsdetail.php' scripts. A remote attacker can execute arbitrary SQL commands in the application's database and gain access to sensitive data.