Explore all Exploits:

A-PDF All to MP3 Converter v.2.0.0 stack based buffer overflow

A-PDF All to MP3 Converter version 2.0.0 is vulnerable to a stack-based buffer overflow. By dragging a specially crafted WAV file, an attacker can execute arbitrary code on the vulnerable system. The exploit code contains a 220-byte shellcode that executes the command 'cmd' on the vulnerable system.

SmoothWall Express 3.0 xss and csrf

The web management interface of SmoothWall Express 3.0 is vulnerable to XSS and CSRF. An attacker can exploit this vulnerability by sending a malicious script to the web management interface of SmoothWall Express 3.0. The malicious script can be used to execute arbitrary code on the vulnerable system. For CSRF, an attacker can send a malicious request to the web management interface of SmoothWall Express 3.0, which can be used to execute arbitrary code on the vulnerable system.

PHP-fusion Team Structure Infusion (All versions) SQL injection

The 'team_id' variable is not sanitized before being used in an SQL query in 'team.php'. An attacker can elevate the attack by bypassing PHP-Fusion's GET variable XSS filter, using back-ticks instead of the brackets used in any PHP function, in this case shell_exec(). The attack can be further escalated by writing a malicious file to the server.

AWBS 2.9.2 Blind SQL Injection 0day

Advanced Webhost Billing System (AWBS) is webhosting billpay software written in PHP. A Blind SQL Injection vulnerability exists in AWBS version 2.9.2, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is present in the ‘ca=add_other&oid’ parameter of the ‘cart’ page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable system.

Joomla Component com_people Local File Inclusion Vulnerability

A local file inclusion vulnerability exists in the Joomla Component com_people. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The request contains a malicious URL parameter which points to a file on the server. If the file exists, it will be included in the response and the attacker can gain access to sensitive information.

Seo Panel Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)

A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user through two different cookies. Alter the value of cookies called 'default_news' or 'sponsors' and then view a site page which includes controllers/index.ctrl.php or controllers/settings.ctrl.php that will render the cookies as they exist on the user's machine.

BetMore Site Suite

The BetMore Site Suite version 4 is vulnerable to Blind-Injection. An attacker can exploit this vulnerability by sending a crafted request to the mainx_a.php file with a true-value parameter and a Blind-Injection parameter. An example of such a request is '/mainx_a.php?lngx=12&x=367&xid=2&bid=78222 and substring(version(),1,1)=4'. If the response is true, then the Blind-Injection was successful.

Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit

KisKrnl.sys hooks the kernel function KiFastCallEntry but does not correctly handle the user stack pointer. The exploit code is written in assembly language: it moves 0x80000000 into edx and 0x101 into eax, then calls int 0x2e.
