RainbowPlayer 0.91 is vulnerable to a universal SEH overwrite vulnerability. The vulnerability is caused by a boundary error when handling specially crafted .m3u files. An attacker can exploit this vulnerability to execute arbitrary code by overwriting the SEH handler with a custom payload. The exploit was tested on Windows XP Pro SP2 Fr.
Unverified XML data is passed from the client (web browser) to the NextApp Echo Engine and consequently to an underlying XML parser. This leads to a typical XML injection scenario. By manipulating the POST content, it is possible to inject arbitrary XML declarations and instructions.
The CIM server contained in the IBM Director suite for Microsoft Windows is vulnerable to a remote denial of service attack. The vulnerability allows an attacker to crash the service remotely. It will not be possible to reach the IBM Director agent until the service is manually restarted. The CIM server crashes on receiving requests that contain overlong consumer names. The error condition does not allow for the redirection of program flow.
A SQL injection vulnerability exists in Powered by Content Management System WEBjump! when user-supplied input is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability to gain access to sensitive information in the back-end database, modify data, execute administration operations on the database, and potentially compromise the underlying server.
Addonics NAS Adapter Post-Auth DoS is a buffer overflow vulnerability in Addonics NAS Adapter which allows an attacker to crash the entire stack from the web GUI by sending a malicious GET request. This vulnerability affects R3282-1.33c LOADER32 1.15 and NASU2FW41 Loader 1.17 firmware.
This web application presents several vulnerabilities which can be exploited to obtain reserved information. The Multiple SQL Injection vulnerability allows a guest to view the username and password of a registered user. The Directory Traversal vulnerability allows a guest to read arbitrary files and directories on the web server. The Reflected XSS vulnerability allows a guest to inject malicious scripts into the web application.
A SQL injection vulnerability exists in CS-Cart 2.0.0 Beta 3 (dispatch) which allows an attacker to execute arbitrary SQL commands via the 'dispatch' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords.
BBCode IMG Tag Script Injection: insert the code below into a forum message, private message, or your signature: [img]http://[host]/[path]/wbb/index.php?page=PM&action=delete&pmID=[ID]&folderID=0[/img] The fake image doesn't show errors. Cross-Site Scripting: http://[host]/[path]/wcf/acp/dereferrer.php?url=javascript:alert("Example"); you can bypass magic_quotes_gpc with the String.fromCharCode function. URL Redirection: http://[host]/[path]/wcf/acp/dereferrer.php?url=http://[host]/[path]/wbb/?page=ThreadAction&action=deleteAll&boardID=1&url=[local URL] Full Path Disclosure: http://[host]/[path]/wbb/index.php?page=[] (it works on versions < 3.0.8 only).
PHPRecipeBook is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is due to the lack of proper sanitization of user-supplied input to the 'base_id' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable application. Successful exploitation of this vulnerability can result in unauthorized access to the database and execution of arbitrary SQL commands.
This exploit is for PHP Director 0.2.1, which is vulnerable to SQL injection. The vulnerability exists because the $cat variable is not checked, allowing an attacker to inject malicious SQL code. The exploit is written in C and can be compiled with gcc. The exploit will create a file in the web root directory with the name specified in the command line arguments.