LightBlog is vulnerable to Remote Code Execution due to improper sanitisation of user input in register.php and check_user.php. An attacker can inject arbitrary PHP code into the cookie and execute it due to the code in check_user.php includes the cookie value without any sanitisation.
Icewarp Merak Mail Server 9.4.1 contains a stack based buffer overflow vulnerability in the second argument of Base64FileEncode() method, which can be exploited by a remote user to execute arbitrary code.
A buffer overflow vulnerability exists in Zoom Player Pro v.3.30 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is due to a failure in the application to properly bounds check user-supplied input before copying it into an insufficiently sized memory buffer. This can be exploited to cause a stack-based buffer overflow by supplying an overly long string to the application.
This exploit is a local buffer overflow exploit for SDP Downloader. It uses a NOP sled and shellcode to overwrite the SEH handler and execute malicious code. The exploit is written in C and creates an ASX file with the malicious payload.
A Local File Inclusion (LFI) vulnerability in OpenCart opencart_v1.1.8 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the route parameter to index.php.
A vulnerability in IP.Board 3.0.0 Beta 5 allows an attacker to inject malicious JavaScript code into the message body or signature of a user. This code will be executed in the context of the user's browser when the message is viewed. Additionally, a path disclosure vulnerability exists in the same version of IP.Board, which allows an attacker to view the full path of the application on the server.
dWebPro v 6.8.26 is vulnerable to Directory Travelsal & File Disclosure. Directory Travelsal can be exploited by using '..%5C/' or '..%2f' in the URL. File Disclosure can be exploited by using Alternative Data Streams in the URL.
This exploit is for SDP Downloader v2.3.0 (.ASX) Local Buffer Overflow Exploit (SEH). It is a SEH based exploit which uses a malicious ASX file to trigger the buffer overflow. The exploit code is written in Python and uses a shellcode to execute a calculator.
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
Photo-Rigma.BiZ v30 is vulnerable to a Remote SQL Injection vulnerability. This vulnerability allows an attacker to execute arbitrary SQL commands on the vulnerable system. This can be exploited to bypass authentication, access, modify and delete data within the database.
Services By CQR