This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code.
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code.
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code.
This module exploits NNM's nnmRptConfig.exe. Similar to other NNM CGI bugs, the overflow occurs during a ov.sprintf_new() call, which allows an attacker to overwrite data on the stack, and gain arbitrary code execution.
Web Wiz Forum is vulnerable to SQL injection. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter. For example, http://site.com/default.asp?pid=524' or http://site.com/viewproduct.asp?PID=130'
Constructr CMS 3.03 is vulnerable to an arbitrary file upload vulnerability. An attacker can upload a malicious file to the server, which can be used to execute arbitrary code on the server. This vulnerability is due to insufficient validation of the uploaded file type. An attacker can exploit this vulnerability by uploading a malicious file to the server.
TCPUploadServer allows remote users to execute functions on the server without any form of authentication. Impacts include deletion of arbitrary files, execution of a program with an arbitrary argument, crashing the server, information disclosure, and more. This design flaw puts the host running this server at risk of potentially unauthorized functions being executed on the system.
There are multiple remote uninitialized pointer free conditions in IGSS's ODBC server. By sending a specially crafted packet to listening port 20222, it is possible to crash the server. Execution of arbitrary code is unlikely.
VMCPlayer can be DoS'ed by passing an invalid file path during start-up process or manually entering an invalid file name to OpenFileDialog. This causes a null pointer to be passed to fread() function as a FILE* stream which causes the application to crash.
This module exploits remote syscalls in DRuby by sending a payload encoded in a shell script to the target host. The payload is then executed by the DRuby server.
Services By CQR