CoolPlayer+ is prone to a buffer overflow vulnerability when handling specially crafted .m3u files. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
The domain parameter in the URL http://site/view/lang/index.php?page=area.php&domain=3%27 is vulnerable to SQL injection.
A Local File Inclusion (LFI) vulnerability was discovered in Media In Spot. An attacker can exploit this vulnerability to gain access to sensitive files on the server, such as the /etc/passwd file. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'page' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable script. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive files on the server.
XtreamerPro suffers from a directory traversal with appending the '/' character in the HTTP GET method of the affected host address. XtreamerPro also prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated. The attacker can also upload files to any location on the server, without being authenticated, using a multipart/form-data post.
frame-oshop is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious payload to the vulnerable application. The malicious payload can be sent as a parameter in the URL. The payload can be used to extract sensitive information from the database.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the HTTP request. This can allow an attacker to gain access to sensitive information from the database, such as usernames and passwords.
A heap overflow vulnerability exists in Winamp's 'in_midi' component when parsing a specially crafted System Exclusive message type (event). The vulnerability occurs when the first byte of the message is equal to 0xFF and the second byte is equal to 0xF0. This causes the program to call the sub_766D702 function with an incorrect size parameter, resulting in a heap overflow.
A vulnerability exists in OSC 2.3.1 which allows an attacker to upload a malicious file to the server. By exploiting this vulnerability, an attacker can upload a malicious file to the server and execute arbitrary code. The vulnerability is due to insufficient validation of the uploaded file. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request containing a malicious file to the vulnerable server.
This vulnerability allows an attacker to upload arbitrary files to the vulnerable WordPress EditorMonkey (FCKeditor) plugin. The vulnerability exists due to insufficient validation of the file type when uploading files. An attacker can exploit this vulnerability by uploading a malicious file to the vulnerable plugin. Successful exploitation of this vulnerability can result in arbitrary code execution on the vulnerable system.
Dreambox suffers from a file download vulnerability thru directory traversal with appending the '/' character in the HTTP GET method of the affected host address. The attacker can get to sensitive information like paid channel keys, usernames, passwords, config and plug-ins info, etc.
Services By CQR