The DiViS-Web ActiveX control (ActiveView.cab) has a heap overflow vulnerability in the AddSiteEx() function. The heap overflow in the DVR's ActiveX control (ActiveView.cab) is exploitable. If a DVR user were to visit a malicious web page, the overflow could be triggered, allowing a 'remote' compromise of the user's machine. Alternatively, an attacker could send the target a specially crafted e-mail loaded with an exploit for this vulnerability. The problem arises when an overly long string is passed to the AddSiteEx method of the control.
Xilisoft Video Converter Wizard 3 is vulnerable to a stack buffer overflow when processing a specially crafted .CUE file. An attacker can exploit this vulnerability by creating a malicious .CUE file and convincing a user to open it, resulting in arbitrary code execution.
This bug allows a guest to overwrite config.inc.php and insert PHP code.
This file contains sensitive information such as the username and the password for connecting to the database. Because it uses the .inc extension only, its content is visible. This bug allows a guest to bypass the authentication system and to log in with administrator privileges. This bug allows a guest to execute arbitrary queries.
Absolute Form Processor XE-V 1.5 is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to gain access to the application and execute arbitrary SQL queries.
My Dealer CMS 2.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to bypass authentication and gain access to the application.
Multiple vulnerabilities were found in the net2ftp package [1], version 0.98 and below. Two types of vulnerabilities were found: Cross-Site Scripting and Cross-Site Request Forgery. Cross-Site Scripting (XSS) allows an attacker to inject malicious code into the vulnerable application. This code will be executed in the browser of any user who visits the vulnerable page. Cross-Site Request Forgery (CSRF) allows an attacker to perform actions on behalf of the user without the user's knowledge.
This bug allows a guest to execute arbitrary SQL queries. This bug also allows a guest to execute arbitrary PHP code. This bug allows a registered user to upload arbitrary files and to execute them from the inc/attachments directory.
WebFileExplorer v3.1 is prone to multiple vulnerabilities. An attacker can inject SQL code into the login form to bypass it; the attacker only needs to know the nickname of an existing user to log in as that user. Once logged in, the attacker can do many things from the Control Panel, such as uploading files with any extension and creating files of any type. This ordinary Authority Bypass can therefore become a dangerous Arbitrary Shell Upload, which amounts to a kind of Remote Command Execution.
A vulnerability exists in Simbas Content Management System which allows an attacker to bypass authentication and execute arbitrary SQL commands. This is done by sending a specially crafted HTTP request to the vulnerable application. An attacker can exploit this vulnerability to gain access to the application and execute malicious SQL commands.