DaZPHP is vulnerable to a directory traversal attack which allows an attacker to read arbitrary files from the server. This is due to a lack of proper sanitization of user-supplied input to the 'prefixdir' parameter in the 'makepost.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../../../../../../etc/passwd') to the vulnerable script.
XnView 1.92.1 Slideshow "FontName" Buffer Overflow is a vulnerability found by Stefan Cornelius of Secunia Research in 2008. It allows an attacker to execute arbitrary code on the vulnerable system. The exploit is written in Perl and creates a poc.sld file which contains a malicious fontname. The malicious fontname contains shellcode which executes calc.exe on the vulnerable system.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'base_dir' parameter to the '/component/com_onlineflashquiz/quiz/common/db_config.inc.php' script. A remote attacker can execute arbitrary PHP code on the vulnerable system by including a malicious file.
This exploit sends a large payload of 2048 characters to the eDirectory HTTP service on port 8028, causing a denial of service.
A denial of service vulnerability exists in McAfee EPO 4.0 (and others) FrameworkService.exe. An attacker can send a specially crafted HTTP request with a large number of 'B' characters followed by a valid HTTP request to trigger this vulnerability. This will cause the service to crash, resulting in a denial of service condition.
HP OpenView NNM 7.5.1 OVAS.EXE is vulnerable to a pre-authentication SEH overflow. This vulnerability was found, analysed and exploited as part of a training module in 'BackTrack to the Max'. An attacker can send an overly long string to the vulnerable application and overwrite the SEH handler, allowing for arbitrary code execution.
A denial of service occurs when mailserver.exe crashes after receiving a huge number of characters on IMAP port 143 [ECX =0000000,DL = ??]. The admin application will still be running, but if the user clicks Send/Receive or any other button, the application will crash.
A vulnerability in the bamagalerie3 module of RUNCMS 1.1A allows remote attackers to inject arbitrary SQL commands via the cid parameter in a viewcat action to modules/bamagalerie3/viewcat.php.
This exploit allows an attacker to remotely execute code, upload files, and extract admin hashes from a vulnerable Nuked-Klan <= 1.7.6 system.
An arbitrary file overwrite vulnerability exists in ChilkatHttp ActiveX 2.3. By using the SaveLastError method, an attacker can overwrite arbitrary files on the system. This can be exploited by an attacker to overwrite system files and gain elevated privileges.