This exploit allows an attacker to execute arbitrary commands on the target system by injecting malicious code into the 'post' parameter of the /post.php page in Simple PHP News 1.0 Final. The attacker can then access the injected code by visiting the /display.php page.
This is a proof-of-concept exploit for the FeedDemon 'outline' tag buffer overflow vulnerability. The exploit causes FeedMon to crash when attempting to unsubscribe from a malicious feed containing an overly long text tag.
BlazeVideo HDTV Player (BlazeDTV) is a full-featured and easy-to-use HDTV Player software. This exploit takes advantage of a remote heap overflow vulnerability in the BlazeVideo HDTV Player <= 3.5 PLF Playlist File. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system.
This exploit takes advantage of a vulnerability in RealVNC 4.1.2's 'vncviewer.exe' RFB Protocol, allowing remote code execution. The vulnerability is identified by BID 30499.
The simo36.tvp-bof.c file contains a buffer overflow vulnerability. The vulnerability allows an attacker to overwrite the EIP register with a malicious payload, leading to arbitrary code execution.
The vulnerability exists in QuickTime.qts component parsing (.qtif) image files that contain an uncompleted header. A remote user can create a file that, when processed by QuickTime PictureViewer or via a browser, can cause the remote system to crash.
This exploit allows an attacker to create a crafted.zip file that triggers a buffer overflow in the Search and Replace application. By searching for a directory where the crafted.zip file is stored, the attacker can execute arbitrary code or crash the application.
Arbitrary PHP code can be passed to the 'play' command of 'mega://' URI handler, which is further copied to the c:DATASTORE.txt temporary file and evaluated. The 'con' argument is used to bypass a file_exists() check.
The YourPlace 0.5 (beta 1) script has several vulnerabilities including database disclosure, arbitrary data saving, RCE exploit, arbitrary file upload, PHPInfo disclosure, and user change account. The database disclosure vulnerability allows an attacker to access the usernames and passwords stored in the users.txt file. The arbitrary data saving vulnerability can be exploited by an authenticated user to execute arbitrary code. The exploit code is provided in the text.
No description available