
Explore Vulnerabilities


Explore all Exploits:

Kingsoft Internet Security 9

Kingsoft Internet Security 09 wins another VB100 award for December 2008. Once again KIS9 passes the barrage of tests of virus attacks, hacker attempts and malware/spyware threats to emerge victorious in this month's round of testing by the VB100 labs. KIS9 is Kingsoft Research's most advanced antivirus and security software, specifically designed for always-on Internet connectivity, with a whole host of network tools giving everyone from first-time users to network-profiling professionals the ability to control and analyze network traffic and applications more closely than ever before. The KIS9 Firewall creates a 'program access locking control' to profile which of your programs and services can send and receive information to the Internet. The multi-layer firewall provides not only control of your programs' access via the Internet but also monitors lower-level traffic and communications between applications such as email and web. Kingsoft Internet Security 9 constantly monitors network and file activity to ensure your PC remains safe to VB100 standards. Kingsoft Internet Security 9's Trusted Authentication Server contains an ever-increasing library of information for over 10 million computer files, providing real-time safety checking on the files currently being used on your PC, and is guaranteed to keep your PC safe from the latest threats.

SiSplet CMS <= 2008-01-24 Multiple Remote File Include Exploit

SiSplet CMS version 2008-01-24 is vulnerable to multiple Remote File Include vulnerabilities. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'site_path' parameter of 'new.php' and 'komentar.php' scripts. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by including a malicious file from a remote location.

Symantec AV Remote Exploit

The AMS2 (Alert Management Systems 2) component of multiple Symantec products is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Successfully exploiting this issue will allow an attacker to execute arbitrary commands with SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will result in a denial-of-service condition.

VLC Media Player <= 1.0.3 RTSP Buffer Overflow PoC (OSX/Linux)

VLC Media Player versions 1.0.3 and below are vulnerable to a buffer overflow vulnerability when parsing a specially crafted XSPF file. This PoC creates a malicious XSPF file containing a payload of 10000 A's followed by 4 B's and 2 A's. When the file is opened in VLC, the buffer overflow occurs, resulting in a crash.

elkagroup SQL Injection Vulnerability (Iranian Script)

A SQL injection vulnerability exists in elkagroup, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient input validation of the 'id' parameter in the 'news' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable server. Successful exploitation of this vulnerability can allow an attacker to gain unauthorized access to sensitive information stored in the database.

Recent Exploits: