The CSRF vulnerability exists in the 'pass.php' script of the Dalbum product, which fails to properly verify the source of HTTP requests. An attacker can exploit this vulnerability by using a browser and submitting a crafted form. The XSS vulnerability exists in the 'editini.php' script, which fails to properly sanitize user-supplied input in the 'url' variable, allowing the execution of arbitrary JavaScript code.
The IBM Tivoli Directory Server (ITDS) is vulnerable to remote code execution through the SASL bind request. This vulnerability allows an attacker to execute arbitrary code on the target system, potentially compromising the entire server. It affects the Windows platform.
This module exploits a stack buffer overflow in Wireshark <= 1.4.4 When opening a malicious .pcap file in Wireshark, a stack buffer occurs, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR and works on XP, Vista & Windows 7.
EZ-Shop is prone to SQL Injection due to insufficient user supplied input sanitization.
This vulnerability allows for an endless loop affecting all the services that use the TCP protocol, as well as the snabase.exe service on port 1478, snalink.exe on their dynamic ports, snaservr.exe, and mngagent.exe. The cause of this vulnerability is the 'word[packet] - 2' code, which forces continuous parsing of the same data. There are also other Denial of Service vulnerabilities that affect the UDP protocol used in snabase.exe on port 1478. When this service terminates, other services depending on it, such as snalink and msngagent, will also terminate.
This module takes advantage of a trust relationship issue within the Zend Server Java Bridge. The Java Bridge is responsible for handling interactions between PHP and Java code within Zend Server. When Java code is encountered Zend Server communicates with the Java Bridge. The Java Bridge then handles the java code and creates the objects within the Java Virtual Machine. This interaction however, does not require any sort of authentication. This leaves the JVM wide open to remote attackers. Sending specially crafted data to the Java Bridge results in the execution of arbitrary java code.
The DoS exploit is caused by an unhandled Access Violation Exception in the i_view32.exe module of IrfanView 4.28. It can be triggered by opening a specific icon file, either locally or remotely.
The DoS vulnerability in IrfanView 4.28 is caused by a not handled Access Violation Exception in the module i_view32.exe. It can be triggered by opening a malicious ICO file.
JCE makes creating and editing Joomla!® content easy Add a set of tools to your Joomla!® environment that give you the power to create the kind of content you want, without limitations, and without needing to know or learn HTML, XHTML, CSS...
This exploit targets the AFD.sys driver in Windows XP SP3, causing a local denial of service (DoS) attack. It utilizes a specific buffer to trigger the vulnerability and crash the system.
Services By CQR