Gravy Media Cms 1.07 is vulnerable to multiple SQL injections and arbitrary file download. The vulnerable files are login.php, viewmsg.php, rate.php and forcedownload.php. The vulnerable code snippets are present in the login.php, viewmsg.php, rate.php and forcedownload.php files.
A stack-based buffer overflow vulnerability exists in Amaya 11.1, the W3C's editor/browser. The vulnerability is due to a boundary error when handling specially crafted HTML files. An attacker can exploit it to execute arbitrary code in the context of the application by uploading a malicious HTML file.
The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client would not allow further analysis and would not provide the full product/version info. Initial testing indicates the 'Authorization' and 'Referer' headers were vulnerable.
AtomixMP3 is vulnerable to a universal SEH overwrite. The exploit is triggered when a specially crafted .m3u file is opened. The payload is encoded with the PexAlphaNum encoder and the exploit uses win32_exec to execute the payload. The payload contains shellcode which executes calc.exe.
A stack overflow vulnerability exists in Abee Chm eBook Creator 2.11. An attacker can exploit this vulnerability by importing a maliciously crafted 'Devil_Inside.chmprj' file, which will pop up a message stating that the project file format is outdated. After clicking OK, the malicious file will be loaded into the program. By going to File > Make Ebook, the attacker can execute arbitrary code on the vulnerable system.
The vulnerability is caused due to an error in handling the HEAD command. This can be exploited to crash the HTTP service.
This PoC exploits a format string vulnerability in Wireshark <= 1.0.6. The vulnerability is present in the PN-DCP protocol, either standalone or tunnelled through DCE/RPC. Opening a pcap file locally also triggers the vulnerability.
The 'kat' parameter of the 'side.asp' script is vulnerable to SQL injection. An attacker can send a malicious SQL query through this parameter to disclose the database content, or to bypass the authentication process and gain administrative access.
This exploit is a proof-of-concept (PoC) for a memory corruption vulnerability in the XUL (XML) parser of Firefox. It can be used to cause a denial-of-service (DoS) condition in the browser.
CMS IWARE 5.0.4 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords.