
Explore all Exploits:

Mini-stream Ripper 3.0.1.1 (.RAM) Local Buffer Overflow Exploit

Mini-stream Ripper 3.0.1.1 is vulnerable to a local buffer overflow. An attacker can exploit it by crafting a malicious .RAM file and executing it on the target system. This causes a buffer overflow and allows the attacker to execute arbitrary code on the target system.

Mini-stream ASX to MP3 Converter 3.0.0.7 (.RAM) Local Buffer Overflow Exploit

Mini-stream ASX to MP3 Converter 3.0.0.7 is vulnerable to a local buffer overflow. An attacker can craft a malicious .RAM file containing a long string of 'G' characters followed by 16 NOP instructions, a return address pointing to the shellcode, and the shellcode itself. When the .RAM file is opened, the shellcode is executed, allowing the attacker to gain control of the system.

Job Career Package V3.0 Insecure Cookie Handling Vulnerability

A vulnerability exists in Job Career Package V3.0 which allows an attacker to gain administrative access to the application by setting a cookie. An attacker can exploit this vulnerability by setting the cookie 'JobCareerAdmin=Login;path=/' using JavaScript.

Sorinara Streaming Audio Player 0.9 (.PLA) Local Stack Overflow PoC

A stack overflow vulnerability exists in Sorinara Streaming Audio Player 0.9. The vulnerability is caused by a boundary error when handling .PLA files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .PLA file. Successful exploitation may allow execution of arbitrary code.

Soritong MP3 Player 1.0 Seh Overwrite Exploit

This exploit targets Soritong MP3 Player 1.0. It is an SEH overwrite exploit that uses a buffer overflow vulnerability to overwrite the SEH handler. The exploit code contains a 260-byte junk buffer followed by a short jump instruction, an SEH handler, NOPs and shellcode. The shellcode is then followed by a NOP sled.

webSPELL <= v4.2.0e Blind SQL Injection

webSPELL is a free Content Management System (CMS) for clans and gaming communities, providing all needed features such as forums, a gallery and a clanwar system. The bug is a mix of cookie injection, LFI, blind SQL injection and a few bypasses of security functions in this application. The vulnerability is caused by the lack of proper sanitization of user-supplied input in the 'language' cookie parameter, which allows an attacker to inject arbitrary SQL commands.

32bit FTP (09.04.24) (CWD Response) Universal Seh Overwrite Exploit

This is a universal SEH overwrite exploit that targets 32bit FTP (09.04.24) (CWD Response). It was tested on Windows XP SP3 (EN)(VB). The exploit was written in Python and uses shellcode to execute a calculator. The exploit was released in 2009 by His0k4.

Recent Exploits: