A vulnerability in Limbo cms v 1042Lt allows an attacker to create a new user with administrator privileges. This is done by sending a crafted request to the vulnerable application. The attacker can then use the newly created user to gain access to the application.
Two Microsoft Media Player quartz.dll wav remote Denial of Service vulnerabilities were discovered by Code Audit Labs in 2009. The vulnerabilities affected Windows Media Player 10.00.00.3998 quartz.dll 6.5.3790.4283 and Windows Media Player 11.0.5721.5230 quartz.dll 6.5.2600.5596. Other versions may also be affected.
A vulnerability exists in the Microsoft GDI+ code that processes PNG files. A crafted PNG file causes an infinite loop, resulting in high CPU usage (100%) and a denial of service (DoS).
A vulnerability exists within the quartz.dll code processing RMID header. If the data_id is not 'data' and midi_size is 0xfffffff8, the code would fall into an infinite loop.
Zervit Webserver is vulnerable to a directory traversal attack. This vulnerability allows an attacker to view arbitrary files on the server, including sensitive files such as boot.ini. The vulnerability is caused due to the improper sanitization of user-supplied input to the 'GET' parameter. This can be exploited to read arbitrary files on the server by sending a specially crafted HTTP request.
chCounter 3.1.3 is vulnerable to a login bypass vulnerability. This vulnerability is due to insufficient authentication checks when handling user authentication requests. An attacker can exploit this vulnerability by sending a specially crafted request to the application with a username and password of '=' to bypass authentication and gain access to the application.
Multiple Remote File Inclusion (RFI) vulnerabilities exist in SMA-DB 0.3.13. An attacker can exploit these vulnerabilities to include arbitrary files from remote locations and execute arbitrary code on the vulnerable system.
This vulnerability allows an attacker to bypass authentication and gain access to the admin panel of eLitius Version 1.0. The vulnerability is due to the fact that the application does not properly validate the username and password fields. An attacker can exploit this vulnerability by setting the username and password fields to 'admin', thereby gaining access to the admin panel.
A vulnerability was found in several portlets including Services/Repository, Embedded DB/DB Manager, and Security/Keystores when running on a Windows server. This issue may allow a remote attacker to upload any file in any directory.
NetHoteles v3.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. This issue affects the 'id_establecimiento' parameter of the 'ficha.php' script.