A Buffer Overflow vulnerability exists in BulletProof FTP Client 2009 (.bps) due to improper bounds checking of user-supplied data, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially allow execution of arbitrary code.
This exploit allows an attacker to access files on a vulnerable ftpdmin 0.96 server by using a single or double slash in the URL. The attacker can then access files such as boot.ini.
ASP Product Catalog is vulnerable to XSS and Database Disclosure. XSS can be exploited by sending malicious payloads in the search parameter. Database Disclosure can be exploited by downloading the aspProductCatalog.mdb file from the database folder.
e107 Plugin userjournals_menu (blog.id) is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.
This exploit is for Mini-stream Ripper Version 3.0.1.1 .m3u Universal Stack Overflow. It creates a malicious .m3u file with a header, shellcode, a universal return address, and a NOP sled. When the file is opened, the shellcode is executed, allowing the attacker to gain control of the system.
A SQL injection vulnerability exists in FreznoShop version 1.3.0. An attacker can send a specially crafted HTTP request to product_details.php with an id parameter containing malicious SQL code to execute arbitrary SQL commands on the underlying database.
XeS PMS/MGS/NM/AMS 1.0 is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to gain access to the application without authentication. This can be done by supplying a specially crafted username and password to the application. The username and password should be set to ' or '1=1.
A stack-based buffer overflow vulnerability exists in Mini-stream RM-MP3 Converter Version 3.0.0.7. The vulnerability is caused due to a boundary error when handling .m3u files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .m3u file. Successful exploitation may allow execution of arbitrary code.
ASX to MP3 Converter Version 3.0.0.7 is vulnerable to a stack overflow vulnerability. An attacker can exploit this vulnerability by crafting a malicious .m3u file with a long string of 'A' characters followed by a universal return address and a NOP sled. This will allow the attacker to execute arbitrary code on the vulnerable system.
This exploit is for WM Downloader Version 3.0.0.9 .m3u Universal Stack Overflow. It is discovered by Cyber-Zone and exploited by Stack. It uses a buffer overflow vulnerability to overwrite the return address of the function with the address of the shellcode. The exploit is written in C language and creates a file named exploit.m3u which contains the malicious code.
Services By CQR