DesignWorks Professional 4.3.1 is vulnerable to a local stack buffer overflow. The vulnerability is triggered when a specially crafted .CCT file is opened. This PoC creates a file with 10,000 'A' characters, which, when opened in DesignWorks Professional 4.3.1, causes a stack buffer overflow.
A vulnerability exists in ASPAPPS Portal which allows an attacker to execute arbitrary code remotely. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in a SQL query. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
A vulnerability exists in ASPAutoDealer which allows remote attackers to execute arbitrary code. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can result in the attacker executing arbitrary code in the context of the application.
A vulnerability in ASP Ticker 1.0 allows remote attackers to execute arbitrary code by uploading a malicious .mdb file to the news.mdb directory. This can be done by sending a POST request to the news.mdb directory with a malicious .mdb file as the payload.
The 'extractPagesToFile' method of Visagesoft eXPert PDF EditorX (VSPDFEditorX.ocx) does not check user-supplied arguments, allowing an attacker to save/overwrite a specified file passed as an argument.
A vulnerability has been found in NULL FTP Server. When exploited, this vulnerability allows an authenticated user to execute arbitrary shell commands on the FTP server. In order to exploit this vulnerability, the FTP SITE commands must be enabled on the server and the SITE commands must be configured to accept parameters from the user.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'ID' parameter of the 'detail.asp' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Also, the application discloses the database file 'auto.mdb' which contains sensitive information.
A vulnerability in the tizag-countdown_Version_3 script allows an attacker to upload a malicious file to the server. The malicious file can be accessed via the URL www.site.com/path/pics/file.php
A vulnerability in the Cold BBS script allows an attacker to download the cforum.mdb database file from the server. The file can be downloaded from http://www.peachydandy.com/scripts/download.php?go=2&file=4&mirror=7
A vulnerability in Merlix Teamworx Server allows an attacker to bypass authentication and gain access to the server. The vulnerability is due to the application not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable server. This will allow the attacker to bypass authentication and gain access to the server.