This exploit is a buffer overflow vulnerability in Winamp 2.18. It is triggered when a specially crafted .m3u file is opened in Winamp. The exploit overwrites the EIP register with a jump to the shellcode, which is then executed.
The Uploader 2.0 is a php script which allows an attacker to upload a malicious file to the server. The attacker can upload a shell file (Shell.php) or any other extension to the server and access it via the URL http://server/script path/sdgsd/Shell.php
A stack overflow vulnerability exists in Winamp versions 5.57 and 5.56. An attacker can exploit this vulnerability by sending a specially crafted audio/x-mpegurl header to the vulnerable application. This will cause a stack overflow, resulting in a denial of service.
The web application is vulnerable to XSS in its installation file. An attacker can post data without any security, allowing them to put malicious code in the host textbox on the install.php?step=2 page. This malicious code can then be executed, allowing for path disclosure.
A directory traversal vulnerability exists in the Joomla component com_mediaslide. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains a maliciously crafted path parameter which can be used to traverse the directory structure of the server. The vulnerability can be exploited by sending a request to the vulnerable server with the following URL: http://server/components/com_mediaslide/viewer.php?path=/../..
This vulnerability allows an attacker to inject malicious SQL code into the PHPhotoalbum application. By sending a specially crafted HTTP request to the application, an attacker can execute arbitrary SQL commands on the underlying database. This can be used to gain access to sensitive information such as usernames and passwords.
A remote SQL injection vulnerability exists in PDQ Script 1.0. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
A remote file include vulnerability exists in JCal Pro Component, which allows an attacker to include a remote file containing malicious code on the vulnerable system. This vulnerability is due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'cal_popup.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. Successful exploitation could result in arbitrary remote code execution.
A SQL injection vulnerability exists in VideoCMS version 3.1 or lower. An attacker can send a specially crafted HTTP request to the vulnerable server in order to execute arbitrary SQL commands in the back-end database. The vulnerable parameter is the 'v' parameter in the 'index.php' script. An attacker can exploit this issue by sending a malicious HTTP request containing a specially crafted SQL statement to the vulnerable script. This can be used to manipulate the back-end database content, compromise the application, access or modify sensitive data, or exploit various other vulnerabilities in the underlying database implementation.
An SQL injection vulnerability exists in the webCocoon's simpleCMS plugin, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'show.php' file. The vulnerable code is located in the 'show.php' file, where the 'id' parameter is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the 'index.php' file, which contains malicious SQL commands.