This exploit allows a remote attacker to overwrite a file on the vulnerable system. The exploit is triggered by a malicious website containing a malicious JavaScript code which calls the Save() method of the vulnerable Office Viewer ActiveX Control v 3.0.1. The malicious JavaScript code can be used to overwrite any file on the vulnerable system.
This exploit allows an attacker to overwrite a file on the victim's system. The exploit uses a malicious HTML page containing a malicious object tag with a CLSID of {97AF4A45-49BE-4485-9F55-91AB40F22BF2}. When the malicious page is opened, the malicious object tag calls the Save() method of the Word Viewer OCX, which allows the attacker to overwrite a file on the victim's system. The malicious page contains a JavaScript function that calls the Save() method with a file path of c:windowssystem_.ini, which will overwrite the system.ini file on the victim's system.
An SQL injection vulnerability exists in the Joomla Component com_gigcal(gigcal_gigs_id). An attacker can exploit this vulnerability to gain access to sensitive information from the database. The vulnerable parameter is 'gigcal_gigs_id' which can be exploited with the following payload: '+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*
VUPlayer 2.49 is prone to a buffer overflow vulnerability when processing .ASX files. This vulnerability is due to a boundary error when copying user-supplied data into a fixed-length buffer. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
A vulnerability exists in Virtual GuestBook v2.1 which allows an attacker to remotely disclose the database. By sending a request to http://localhost/[path]/database/guestbook.mdb, an attacker can gain access to the database.
Winamp versions 5.541 and earlier are vulnerable to multiple denial of service attacks. A specially crafted MP3 file can cause a denial of service when parsed by Winamp, and a specially crafted AIFF file can cause a denial of service when parsed by Winamp due to a heap overflow.
A vulnerability in Excel Viewer OCX 3.2 allows an attacker to download and overwrite arbitrary files on the vulnerable system. This is due to the application not properly validating user-supplied input when handling the Save and HttpDownloadFile methods. An attacker can exploit this vulnerability by enticing a user to visit a malicious web page or open a malicious document.
A SQL injection vulnerability exists in the Wordpress Wp-forum plugin 1.7.8. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and emails.
Triologic Media Player 7 is prone to a local heap-based buffer-overflow vulnerability because it fails to perform boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
This exploit allows an attacker to modify the user email and password of a Comersus Shopping Cart version 6 or lower. The attacker can access the vulnerable page by registering on the site and logging in. The exploit is then triggered by submitting a form with the modified user email and password.
Services By CQR