Allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
The Ultimate WordPress Auction plugin version 1.0 is vulnerable to CSRF. This vulnerability allows an attacker to add fake auction bids.
FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the Windows Registry. This can allow the attacker to gain access to an FTP server with the privileges of the victim.
thong.pl is a Perl script that automates several attacks against various Cisco products. It targets the following vulnerabilities:
1. 12-13-00 - Cisco Catalyst ssh Protocol Mismatch DoS Vulnerability
2. 11-28-00 - Cisco 675 Web Administration Denial of Service Vulnerability
3. 10-26-00 - Cisco Catalyst 3500 XL Remote Arbitrary Command
4. 10-25-00 - Cisco IOS Software HTTP Request DoS Vulnerability
Unprivileged users can create or delete directory services identity accounts in Apple Directory Services.
This module exploits an integer overflow vulnerability on Internet Explorer. The vulnerability exists in the handling of the dashstyle.array length for vml shapes on the vgx.dll module. This module has been tested successfully on Windows 7 SP1 with IE8. It uses the JRE6 to bypass ASLR by default. In addition, a target to use an info leak to disclose the ntdll.dll base address is provided. This target requires ntdll.dll v6.1.7601.17514 (the default dll version on a fresh Windows 7 SP1 installation) or ntdll.dll v6.1.7601.17725 (version installed after applying MS12-001).
Multiple vulnerabilities have been found in Airlive devices. These include Cross Site Request Forgery (CWE-352) and Clickjacking (CAPEC-103), Relative Path Traversal (CWE-23), Information Exposure (CWE-200) and Permissions, Privileges and Access Controls (CWE-264), Clear Text Storage of Sensitive Information (CWE-312), and Denial of Service.
The Isemarket JaguarControl ActiveX control is prone to a buffer overflow. This could result in a failure of the client application invoking the control or potentially execution of arbitrary code.
This module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters initial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of the -XXaltjvm option to load a jvm.dll from a remote UNC path into the java process. Thus an attacker can execute arbitrary code in the context of a browser user. This flaw was fixed in Oct. 2012 and affects JRE <= 1.6.35 and <= 1.7.07. In order for this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. Alternatively, a UNC path containing a jvm.dll can be specified with an own SMB server.
This exploit allows an attacker to execute arbitrary code with the privileges of the mscreen program on SCO OpenServer 5.0.5. By providing a specially crafted input, the attacker can overflow the buffer and overwrite the return address, redirecting the execution flow to their own malicious code.