
Explore Vulnerabilities


Explore all Exploits:

joomlacontenteditor (com_jce) BLIND sql injection vulnerability

JCE makes creating and editing Joomla!® content easy. Add a set of tools to your Joomla!® environment that give you the power to create the kind of content you want, without limitations, and without needing to know or learn HTML, XHTML, CSS...

Joomla! com_virtuemart <= v1.1.7 Blind SQL Injection Exploit

There is a Blind SQL Injection vulnerability in the 'page' variable of the virtuemart component. Because Joomla core filters the '<' and '>' characters, we can only use '=' to test for true/false statements. This of course will send an enormous number of queries to the target. During testing, 9145 queries were sent to fully steal the admin user/hash. This PoC was tested on the latest version of virtuemart (1.1.7) at the time of discovery. Depending on your purpose, you may have to adjust the timings of benchmark and time to last byte (ttlb).

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control Multiple Remote Commands Execution Vulnerabilities

The RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) is vulnerable to multiple remote command execution vulnerabilities. The control has four insecurely implemented methods: CreateVistaTaskLow(), Exec(), ExecLow(), and ShellExec(). These vulnerabilities can allow an attacker to launch arbitrary commands and execute arbitrary executables.

RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control Multiple Remote Commands Execution and Code Execution Vulnerabilities

This control has four methods implemented insecurely: ShellExec() allows launching arbitrary commands; ShellExecRunAs() allows launching arbitrary commands; CreateShortcut() allows creating arbitrary executable files inside automatic startup folders; and CopyDocument() allows copying arbitrary executable files from a remote network share to local folders. Other attacks are possible, including information disclosure and file deletion.

spidaNews V.1.0 SQL injection Vulnerability news.php (id)

The spidaNews V.1.0 script is vulnerable to SQL injection in the news.php file. An attacker can exploit this vulnerability by injecting malicious SQL code through the 'id' parameter. This can lead to unauthorized access, data manipulation, and other malicious activities.

Audio & Video Library 2.7.0 XSRF Vulnerability (Add Admin)

This vulnerability allows an attacker to perform a Cross-Site Request Forgery (XSRF) attack that adds an admin user to the Audio & Video Library application. The attacker can send a crafted request to the target application, which will add an admin user without authentication or authorization.

Recent Exploits: