Ease Audio Cutter 1.20 is vulnerable to a stack-based buffer overflow when a specially crafted .wav file is opened. The overflow can be triggered with a crafted .wav file of 15000 bytes.
A directory traversal vulnerability exists in Joomla Component com_album version Album #1.14. An attacker can exploit this vulnerability to traverse directories and access sensitive information. The vulnerable parameter is 'target', as in the URL 'http://localhost/index.php?option=com_album&Itemid=128&target=/../..'.
The software Quiksoft EasyMail 6.0.3.0 ships emimap4.dll, an ActiveX component to facilitate the development of IMAP4-aware applications. The connect() function of this component is prone to a classic buffer overflow vulnerability when a particularly long argument is passed and the application attempts to copy that data into a finite buffer. This allows for the execution of arbitrary code in the user context.
A vulnerability exists in phpPollScript version 1.3 and earlier, which allows a remote attacker to include arbitrary files on the vulnerable system. This is due to the 'include_class' parameter in 'init.poll.php' not being properly sanitized before being used in a 'require' function call. An attacker can exploit this vulnerability to include arbitrary files from remote hosts, which can lead to the execution of arbitrary PHP code on the vulnerable system.
Elite Gaming Ladders v3.2 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The attacker can then execute arbitrary SQL commands on the vulnerable server, allowing them to access sensitive data from the database.
This exploit is used to test for a Blind SQL Injection vulnerability in SaphpLesson v4.3. It measures the average response time and then tests for a delayed response. If the response time is more than 3 seconds, then the system is vulnerable to Blind SQL Injection.
A vulnerability exists in Micro CMS version 3.5 or lower which allows an attacker to bypass the login authentication by using a valid username followed by /* and any password. An attacker can also use a username of " or 1=1/* and any password to bypass the authentication.
Chip d3 Bi0s RSS Feed Creator by foobla Joomla Component com_jlord_rs (id) BSQL is vulnerable to SQL injection. An attacker can inject malicious SQL queries to gain access to sensitive information from the database. This vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable application.
A vulnerability exists in the Joomla component com_foobla_suggestions (idea_id) which allows an attacker to inject arbitrary SQL commands. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can result in the disclosure of sensitive information from the database.
AdsDX v3.05 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to bypass authentication and gain access to the application.