Elecard AVC_HD/MPEG Player 5.7 is vulnerable to a stack-based buffer overflow when processing specially crafted .m3u files. An attacker can exploit this vulnerability by sending a malicious .m3u file to the victim; when the file is opened in the vulnerable application, it can lead to arbitrary code execution.
A local file inclusion vulnerability in WordPress OPS Old Post Spinner 2.2 can be exploited to include arbitrary files.
A local file inclusion vulnerability in WordPress jQuery Mega Menu 1.0 can be exploited to include arbitrary files.
PhreeBooks R30RC4 is vulnerable to Local File Inclusion and Reflected Cross-site Scripting. An attacker can exploit these vulnerabilities by sending a maliciously crafted URL to the target server. The URL contains a malicious script which is then executed by the web server. The script can be used to steal sensitive information or execute arbitrary code on the target server.
The vulnerability is caused by a NULL pointer dereference when processing malicious Printer Job (.pj) files and can be exploited to crash the application and cause heap corruption and denial-of-service scenarios.
The script in INSTALL/install.php does not correctly validate entered fields, allowing for code execution. Additionally, a SQL injection vulnerability exists, allowing for the retrieval of the MySQL version.
A directory traversal vulnerability exists in iPhone MyDocs 2.7, which allows an attacker to access sensitive files on the system. The vulnerability is due to insufficient input validation when handling user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request containing directory traversal sequences (e.g., '../') to the vulnerable application. This can allow the attacker to access sensitive files on the system, such as the /etc/passwd file. Successful exploitation of this vulnerability can result in the disclosure of sensitive information.
A directory traversal vulnerability exists in iPhone iFile 2.0. An attacker can exploit this vulnerability to gain access to sensitive information such as phone book, safari favorites, user email info, network information, and the passwd file. This is achieved by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable application. Successful exploitation of this vulnerability could result in unauthorized access to sensitive information.
This exploit allows an attacker to access sensitive files on an iPhone running iPhone Folders 2.5. The exploit uses a directory traversal vulnerability to access files such as the AddressBook.sqlitedb, Safari favorites, user email info, network info, and the passwd file. The exploit is written in Python and requires the user to enter the address of the iPhone and the file they wish to access.
A stack buffer overflow vulnerability exists in Edraw Office Viewer Component V7.4. The vulnerability is caused by a boundary error when handling specially crafted HTML documents containing an overly long string in the Toolbars parameter of the OA1 object, which can be exploited to cause a stack-based buffer overflow.