A SQL injection vulnerability exists in the PHP-Fusion Mod E-Cart, which allows an attacker to extract sensitive information from the database. The vulnerability is caused due to the improper sanitization of user-supplied input in the 'CA' parameter of the 'items.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This will allow the attacker to extract sensitive information from the database.
A vulnerability exists in PHP-Fusion Mod Members Bewerb, which allows an attacker to inject arbitrary SQL commands via the 'sortby' parameter in the 'members.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database, modify data, or exploit further vulnerabilities in the underlying SQL server software.
A buffer overflow vulnerability was discovered in the gen_msn plugin, which is a plugin that shows what song a user is currently listening to on their PM in MSN. The vulnerability is located in the .PLS playlist file and can be exploited by sending a maliciously crafted .PLS file with an overly long URL.
VUPlayer is a freeware media player. A buffer overflow vulnerability exists in VUPlayer <= 2.49, which allows an attacker to execute arbitrary code by sending a specially crafted .PLS file. This exploit was tested on Windows 2000 and Vista.
This exploit is a buffer overflow vulnerability in Audacity 1.6.2. It is triggered when a maliciously crafted .aup file is opened in Audacity. The exploit causes a crash due to an off-by-one error in the handling of the file.
A buffer overflow vulnerability exists in LiteServe 2.81 which allows a remote attacker to execute arbitrary code by sending a specially crafted USER request with a large number of 'A' characters. This can be exploited to execute arbitrary code by sending a specially crafted USER request with a large number of 'A' characters.
CoolPlayer is vulnerable to a buffer overflow when processing a specially crafted .pls file. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This exploit works on Windows 2000 and Windows XP.
This vulnerability allows an attacker to traverse the local directory of the vulnerable Joomla version 1.5.8 using the xstandard editor. The attacker can send a specially crafted HTTP request with the X_CMS_LIBRARY_PATH header set to the desired directory and the server will respond with the contents of the directory. This vulnerability can be exploited to gain access to sensitive information stored in the server.
PollHelper is vulnerable to remote config file disclosure. An attacker can download the config file which contains the database username and password.
playsms 0.9.3 is vulnerable to Remote File Inclusion/Local File Inclusion. The vulnerability is due to the application including files without proper sanitization of user supplied input. This can be exploited to include arbitrary files from remote and local resources by manipulating the 'apps_path[plug]', 'gateway_module', 'apps_path[themes]', 'themes_module' and 'apps_path[libs]' parameters in the 'plugin/gateway/gnokii/init.php', 'plugin/themes/default/init.php' and 'lib/function.php' scripts.
Services By CQR