Dark Age CMS version 0.2c Beta is vulnerable to authentication bypass due to improper sanitization of user-supplied input. An attacker can bypass authentication and gain access to the application by supplying the specially crafted username 'x' OR 'x' = 'x'# with any password.
A vulnerability in Word viewer OCX V 3.2 allows remote attackers to execute arbitrary files via a crafted HTML page. The vulnerability is due to the OpenWebFile method of the ActiveX control, which can be called with a URL pointing to a malicious file. This can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.
Nofeel FTP Server V3.6 is vulnerable to remote memory consumption. An attacker can send a malicious CWD command to the server, which causes the server to consume large amounts of memory, leading to a denial of service.
A remote attacker can execute arbitrary code on a vulnerable system through the OpenWebFile method of the PowerPoint Viewer OCX v3.1 ActiveX control by tricking a user into visiting a malicious web page.
A vulnerability in DMXReady Account List Manager version 1.1 allows remote attackers to change the contents of the application. An attacker can exploit this vulnerability by sending a malicious request to the add_category.asp page. This will allow the attacker to insert a new category into the application.
HSpell v1.1 is vulnerable to command execution. An attacker can send a specially crafted HTTP request to the vulnerable server to execute arbitrary commands on it.
A vulnerability exists in DMXReady News Manager version 1.1 which allows an attacker to remotely change the category name of the news manager. The attacker can brute force the CAT_ID parameter in the update_category.asp page to gain access to the category manager page and change the category name.
dBpowerAMP Audio Player Release 2 contains a local buffer overflow vulnerability in its handling of .pls files. The vulnerability is triggered when a specially crafted .pls file is opened, resulting in a stack overflow. The exploit uses a 257-byte string of A's, followed by a 1000-byte string of A's for the stack overflow and a 3000-byte string of A's for the heap overflow.
A buffer overflow vulnerability exists in PowerPoint Viewer OCX v3.1. The vulnerability is caused by a boundary error when handling a specially crafted argument passed to the Save() method of the vulnerable ActiveX control. This can be exploited to cause a stack-based buffer overflow via a malicious web page.
This exploit uses the insecure method 'OpenWebFile()' to execute a remote file on the victim's PC. It can also execute a local file on the victim's PC by changing the function do_it to 'function Do_it() { File = "c:\\windows\\system32\\cmd.exe"; hsmx.OpenWebFile(File); }'