A buffer overflow vulnerability in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via a crafted MP3 file. This vulnerability is exploited by sending a specially crafted MP3 file to the victim, which when opened in Music Tag Editor 1.61 build 212, will cause a buffer overflow and allow the attacker to execute arbitrary code on the victim's system.
This exploit actually advantage of two vulnerabilities. The first exploit is a simple XSS in the admin login page that will allow us to log the admins password. Unfortunatly, it only executes if the admin is NOT already logged in. The second is a CRSF exploit that allows you to change the admins password by automatically submitting a form. This exploit only works if the admin already logged in. Combine these and we have two ways to gain admin access.
This exploit is based on the vulnerability in WebLeague 2.2.0, which allows an attacker to bypass the authentication process and gain access to the admin panel. The vulnerability is due to the fact that the application does not properly sanitize the user input, allowing an attacker to inject malicious code into the username and password fields. The exploit code uses a POST request to send malicious code to the application, which is then executed by the application.
A vulnerability exists in WebLeague 2.2.0 which allows an attacker to remotely change the password of an account. The vulnerability is due to the lack of authentication when accessing the install.php file. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the install.php file. This will allow the attacker to change the password of an account without authentication.
A SQL injection vulnerability exists in WebLeague 2.2.0 in the profile.php file. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
A vulnerability exists in Admin News Tools, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'message' parameter to 'message.php' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This vulnerability affects Internet Explorer 5, 6, 7, 8, Chrome (limited), Opera, Seamonkey, Midbrowser, Netscape 6 & 8, Konqueror (all versions), Apple iPhone + iPod, Apple Safari, Thunderbird, Nokia Phones, Aigo P8860, Siemens phones, Google T-Mobile G1 TC4-RC30, Ubuntu (Operating system sometimes reboots, memory management failure), and possibly more devices and products that support Javascript. The vulnerability is caused by a flaw in the way the browser handles certain JavaScript code, which can cause the browser to crash or hang.
A vulnerability exists in Infinity version 2.0.5 which allows an attacker to create an admin account. The attacker can send a POST request with the username and password of their choice to the vulnerable application. This will create an admin account with the specified credentials.
This exploit is a stack overflow vulnerability in Firefox 3.5. It is caused by a combination of the mul8() function and the unescape() function. The mul8() function is used to create a string of a certain length, and the unescape() function is used to convert the string into a Unicode string. The vulnerability is triggered when the string is longer than the stack can handle, resulting in a stack overflow.
A buffer overflow vulnerability exists in Hamster Audio Player 0.3a. By creating a specially crafted .m3u file, an attacker can cause a buffer overflow, resulting in a denial of service or the execution of arbitrary code.
Services By CQR