Phoroum is prone to SQL injection attacks. Insufficient sanitization of user input may allow a malicious user to manipulate the structure and logic of database queries. Successful exploitation could allow the attacker to compromise security properties of the application and the database. Possible consequences include unauthorized access to the application and database.
There's a bug in win32k!EPATHOBJ::pprFlattenRec where the PATHREC object returned by win32k!EPATHOBJ::newpathrec doesn't initialise the next list pointer.
The Tru64 5 su exploit allows an attacker to execute arbitrary code with root privileges by exploiting a buffer overflow vulnerability in the su command. The exploit code contains shellcode that is executed to gain root access.
BOINC Manager 7.0.64 is vulnerable to a field stack-based buffer overflow. An attacker can exploit this vulnerability by convincing the victim to use a very long URL as the Account Manager URL. This can be done by generating the URL using the provided exploit. The severity of this vulnerability is low.
The Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks.
This is a vulnerability in ClamAV that allows an attacker to cause a denial of service by sending a specially crafted CHM file. The vulnerability is due to a flaw in the handling of CHM chunk names, which can be exploited to crash the application. The vulnerability was discovered by Damian Put, and all credit goes to him.
This module exploits a stack buffer overflow in the db_netserver process which is spawned by the Lianja SQL server. The issue is fixed in Lianja SQL 1.0.0RC5.2.
The 'login.asp' script in StoreFront Shopping Cart is affected by an SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The vulnerability exists in the third-party DLL "PDF In-The-Box" used by Logic Print 2013. The ROP (Return-Oriented Programming) chain is built using the OS DLL "msi.dll" version 3.1.4001.5512.
Multiple vulnerabilities have been found in MayGion IP cameras based on firmware v09.27 and below. These vulnerabilities could allow an unauthenticated remote attacker to dump the camera's memory and retrieve user credentials, as well as execute arbitrary code.