Photoshop Elements 8 suffers from a buffer overflow vulnerability when handling .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize user input, resulting in memory corruption that overwrites several registers. An attacker can use this to execute arbitrary code on the affected system or to cause a denial of service.
The MARINET CMS room.php script is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by manipulating the 'rid' parameter in the URL to inject SQL statements, potentially gaining unauthorized access to the database.
Proof-of-concept crash for the FreeBSD Unix domain sockets heap overflow. This was tested on FreeBSD 8.2-RELEASE. This PoC will usually result in a kernel panic with a read access violation at 0x616161XX but sometimes the kernel will not crash straight away (particularly if you shorten the length of 'sun_path' -- try 140 bytes), and your uid (see output of `id`) may have been modified to the decimal equivalent of 0x61616161 during the heap smash.
The WordPress WP Bannerize plugin version 2.8.7 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious POST data to the ajax_sorter.php file, allowing them to execute arbitrary SQL queries.
The driver 'nprosec.sys' in Norman Security Suite 8 is vulnerable to a kernel pointer dereference. An attacker with local access to the machine can exploit this vulnerability to escalate from a limited account to SYSTEM privileges.
This vulnerability allows an attacker to inject SQL queries into the WordPress Mingle Forum plugin version 1.0.31. By manipulating the POST data, an attacker can execute arbitrary SQL queries, potentially leading to unauthorized access or data leakage.
This exploit takes advantage of a buffer overflow vulnerability in how the GTA SA-MP game server processes its server.cfg file. By overwriting the file with a specially crafted payload, an attacker can execute arbitrary code on the server. The exploit uses an EIP overwrite technique and has a maximum payload space of 392 bytes. There are 3 bad characters: 0x1a, 0x0d, 0x0a. Triggering the exploit will cause the server to crash and launch the Windows calculator. The exploit has been tested on Windows XP SP3 and Windows 7.
This exploit takes advantage of a buffer overflow vulnerability in Muse Music All-In-One software. By creating a specially crafted PLS file, an attacker can overwrite the EIP register and execute arbitrary code. This exploit bypasses Data Execution Prevention (DEP) by using Return Oriented Programming (ROP) techniques. The exploit creates a ROP chain to call the LoadLibraryA and GetProcAddress functions in kernel32.dll to load and execute malicious code.
The vulnerability allows an attacker to perform SQL injection by manipulating the 'track' parameter in the 'adrotate-out.php' file. By injecting malicious SQL code, an attacker can execute arbitrary SQL queries.
The WordPress Link Library plugin version 5.2.1 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the underlying database.