Explore Vulnerabilities

Explore all Exploits:

k`sOSe PDF Exploit

This exploit targets a buffer overflow vulnerability in Adobe Acrobat Reader. It is triggered when a maliciously crafted PDF file is opened in Adobe Acrobat Reader. The exploit is based on a heap overflow vulnerability in the JBIG2Decode filter. The vulnerability is caused by a lack of proper validation of the size field in the JBIG2Decode filter. This allows an attacker to overwrite heap memory with arbitrary data.

[ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability

Input passed to the 'jobid' parameter in the jobdetails.php page is not properly verified before being used in SQL queries. This vulnerability can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows an attacker to retrieve users' email addresses, login names and MD5 password hashes.

MLdonkey (up to 2.9.7) Remote File Access Vulnerability

MLdonkey (up to 2.9.7) has a vulnerability that allows a remote user to access any file with the rights of the running MLdonkey daemon by supplying a specially crafted request (ok, there's not much special about a double slash) to the MLdonkey HTTP GUI (usually tcp/4080). Thus, the exploit would be as simple as accessing any file on a remote host with your browser and a double slash: http://mlhost:4080//etc/passwd

XSS Attack using SMS to Optus/Huawei E960 HSDPA Router

The Huawei E960 HSDPA Router (firmware version 246.11.04.11.110sp04) is vulnerable to an XSS attack via SMS. One of the features of this router is the ability to send and receive SMS through its web interface. The SMS text is presented unescaped and unfiltered in the inbox view, and an attacker can craft malicious short messages to gain control over the victim's router. The first 32 characters of every incoming SMS are presented in unescaped form in the inbox view. The 32-character limit can be overcome by using several messages and inserting a JavaScript comment to merge the current message with the next one.

Remote Command Execution Exploit via Apache Log Injection

Pyrophobia 2.1.3.1 is vulnerable to Local File Inclusion. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'pid' parameter of the '/[path]/index.php' script. A remote attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

pPIM 1.01 (notes.php id) Remote Command Execution Exploit

This exploit allows a remote attacker to execute arbitrary commands on a vulnerable system. It takes advantage of a vulnerability in the notes.php script of pPIM 1.01, which allows an attacker to inject arbitrary commands into the id parameter. The exploit was written in Perl and was tested on localhost.

Microsoft Internet Explorer 7.0.5730.13 “onload” Event Handler Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the "onload" event handler. By crafting a malicious page, an attacker can cause a pointer to be reused after it has been freed. This can lead to arbitrary code execution under the context of the user.

Remote SQL Command Injection Exploit

Graugon Forum v1 is vulnerable to remote SQL command injection. The vulnerability exists in the view_profile.php page, where an attacker can inject a malicious SQL string into the 'id' parameter. An attacker can exploit this vulnerability by using a '-1 union select' statement to extract data from the database.

Recent Exploits: