This exploit targets LAN Messenger version 1.2.28 and below, causing a remote denial of service. It sends a malformed request to the target, resulting in a crash. The exploit has been tested on Windows XP SP3 Professional German and Windows 2008R2 SP1 German.
This exploit allows an attacker to overwrite the Structured Exception Handler (SEH) in the SAMSUNG NET-i viewer ActiveX control. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system.
This exploit allows an attacker to execute arbitrary scripts in the context of the user's browser, potentially compromising their session or stealing sensitive information.
The McAfee Virtual Technician 6.3.0.1911 ActiveX Control has a vulnerability that allows an attacker to bypass security and execute remote code. This vulnerability is due to the unsafe implementation of the GetObject() function in the control. By specifying the ProgID of an arbitrary class from the underlying operating system, an attacker can load and execute operating system commands. Additionally, it is possible to crash the browser by specifying an arbitrary memory address.
This module exploits a vulnerability found in WebCalendar version 1.2.4 or less. If not removed, the settings.php script meant for installation can be updated by an attacker, and then inject code in it. This allows arbitrary code execution as www-data.
This vulnerability allows an attacker to perform a Denial of Service attack on Nokia PC Suite Video Manager versions <= 7.1.180.64. By sending a specially crafted payload, the application crashes or becomes unresponsive, causing a denial of service to legitimate users.
Crafting a .chm file is possible to cause a stack based buffer overflow.
The WebCalendar <= 1.2.4 is vulnerable to remote code execution. The vulnerability exists in the /install/index.php file (CVE-2012-1495). The code at line 726 attempts to open a file for writing, but does not check if the file handle is empty. This allows an attacker to write arbitrary PHP code to the file, resulting in remote code execution.
This exploit allows an attacker to execute arbitrary commands on the target system through a remote code inclusion vulnerability in Claroline <= 1.7.6. The vulnerability is due to the insecure handling of user input in the "includePath" parameter, which can be exploited to include arbitrary PHP code from a remote location. By crafting a specially crafted request, an attacker can execute arbitrary commands on the target system.
The form action attribute is manipulated to send form data to an external page.
Services By CQR