Kaspersky Anti-Virus 2010 9.0.0.463 is vulnerable to a local denial of service attack. The kl1.sys driver does not check the inputs address of an IOCTL, which can lead to an exception being thrown if one or two DWORDs are modified. The exploit can cause a Blue Screen of Death (BSOD).
Novell eDirectory 8.8 SP5 is vulnerable to a stack overflow vulnerability when sending a specially crafted HTTP request to the server. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
This exploit allows an attacker to traverse outside the FTP root directory by using the MKD command. The MKD command is used to create a directory on the FTP server. By using a relative path, the attacker can traverse outside the FTP root directory and access files and directories that are not intended to be accessible.
H4ckers may upload malicious files by using upload panel as they have administrator access. They are able to change settings and upload asp and exe files.
FtpXQ authenticated remote Dos is a vulnerability found in FtpXQ version 3.0.1. It requires write access and is vulnerable to the MKD command. It was discovered by Marc Doudiet and a proof of concept code was released.
This exploit is for Avast 4.8.1351.0 antivirus aswMon2.sys Kernel Memory Corruption. It uses a DeviceIoControl call to execute a malicious code. The exploit uses a VirtualAlloc call to allocate a buffer of 0x288 bytes and then fills it with 'A' characters. It then passes the buffer to the DeviceIoControl call.
A SQL injection vulnerability exists in cifshanghai.com script The news (chanpin_info.php) which allows an attacker to bypass authentication and gain access to the admin panel. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This request contains a specially crafted SQL query which can be used to bypass authentication and gain access to the admin panel.
This exploit is a proof of concept for a command injection vulnerability in the FTP APPE command. The exploit connects to an FTP server, authenticates with a given username and password, and then sends a specially crafted APPE command containing a malicious payload. The malicious payload is then executed on the server, allowing the attacker to gain access to the system.
A remote code execution vulnerability exists in jar50.dll, a library used by Mozilla Thunderbird and Mozilla Seamonkey. An attacker can exploit this vulnerability by sending a specially crafted email with a malicious jar file attachment. The vulnerability is caused by a buffer overflow in the jar50.dll library when processing a malicious jar file. This can allow an attacker to execute arbitrary code in the context of the application.
This exploit is a remotely triggerable STACK_OVERFLOW in Safari on Windows. It is triggered by creating a HTML file with a link to a CSS file containing a background URL with a large number of characters. This causes a stack overflow in the CoreFoundation.dll library.