An attacker can exploit this vulnerability by setting a malicious cookie using the JavaScript code: javascript:document.cookie = "xlaAFPadmin=lvl=1&userid=1; path=/"; and then accessing the URL http://www.xigla.com/absolutefp/demo/menu.asp.
CoolPlayer Portable 2.19.1 is vulnerable to a buffer overflow when a specially crafted skin file is opened. This can be exploited to execute arbitrary code by tricking a user into opening a malicious skin file with CoolPlayer Portable 2.19.1, which triggers the overflow.
A buffer overflow vulnerability exists in UltraFunk Popcorn 3.01. A remote attacker can exploit this vulnerability to execute arbitrary code on the target system. The vulnerability is due to insufficient boundary checks when handling user-supplied input. An attacker can send a specially crafted POP3 request containing an overly long string to trigger the buffer overflow. This may allow the attacker to execute arbitrary code on the target system with the privileges of the vulnerable application.
A vulnerability in Dream FTP Server allows an attacker to disclose arbitrary files from the server. The vulnerability exists due to the lack of proper authentication and authorization checks when handling FTP requests. An attacker can exploit this vulnerability by sending a specially crafted FTP request to the server. This will allow the attacker to access arbitrary files from the server.
When this web server is fed 1006 bytes of chr(0x0d) with the HTML "GET" parameter, the server's GUI thread gets corrupted. This means that, although the web server keeps working normally (due to multithreading), no more logs are generated. Also, "all" the web server configuration settings become unavailable.
This component contains methods which lead to a denial of service. The affected methods are: 'GetBackupLocationPath', 'CallUninstall', 'SetupDeleteVolume', 'CanUseEasySetup', 'CallAddInitialProtection', 'CallTour'. The crash happens here: 03A6B9D6 8B10 MOV EDX,DWORD PTR DS:[EAX] and the register state is: EAX 00000000 ECX 774F9997 ole32.774F9997 EDX 019DCB04 EBX 00000000 ESP 019DCAE4 EBP 019DCB9C ESI 019DCCB8 EDI 00000001 EIP 03A6B9D6 EasySetu.03A6B9D6. Unfortunately the vulnerability seems to be unexploitable. However, a way to execute arbitrary code was found, but it requires a high level of user interaction to work.
The vulnerability is caused by an error in multi-socket, which can be exploited to crash the HTTP service.
CoolPlayer Portable is vulnerable to a buffer overflow when processing specially crafted .m3u files. An attacker can exploit this vulnerability to execute arbitrary code on the target system. The vulnerability is caused by a boundary error when copying data from the .m3u file into a fixed-length buffer. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted .m3u file with an overly long string. Successful exploitation of this vulnerability can result in arbitrary code execution in the context of the user running the vulnerable application.
CoolPlayer Portable 2.19.1 is vulnerable to a buffer overflow when a specially crafted .m3u file is opened. The vulnerability is caused by a boundary error when copying user-supplied data into a fixed-length memory buffer. This can be exploited to cause a stack-based buffer overflow by, e.g., supplying an overly long string as the file name. Successful exploitation allows execution of arbitrary code.
This exploit allows an attacker to access arbitrary files on a vulnerable Femitter FTP Server 1.03. The exploit works by sending a specially crafted FTP request containing two slashes (//) followed by the file path. This allows the attacker to access any file on the server, regardless of the file permissions.