This exploit is a proof-of-concept for a buffer overflow vulnerability in aktiv-player version 2.9.0. The exploit is triggered by creating a malicious WMA file containing 3000 'A' characters, which causes the application to crash when the file is opened.
Since user input is not fully sanitized, carefully crafted content gets returned as JS code, which can be used to execute arbitrary JS code in the user's context.
ClipShare - Video Sharing Community Script 4.1.4 is vulnerable to Blind SQL Injection & Plaintext Password. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'urlkey' parameter of 'ugroup_videos.php' script. An attacker can exploit this vulnerability to gain access to the application and view sensitive information such as plaintext passwords. To exploit this vulnerability, the MAGIC_QUOTES_GPC directive must be turned off on the server side.
An SQL Injection vulnerability exists in the league_id parameter of a function call made by the leaguemanager_export page. This request is processed within leaguemanager.php, which does not sanitize for SQL injection, and is passed to the admin/admin.php page into the export( $league_id, $mode ) function, which also does not sanitize for SQL injection when making this call: $this->league = $leaguemanager->getLeague($league_id). The information is then echoed to a CSV file that is then provided.
When the Object Index exceeds 10 characters the app crashes. User mode write access violations that are not near NULL are exploitable. App crashes when just browsing the folder which contains the PDF.
A buffer overflow vulnerability exists in the SCTP_GET_ASSOC_STATS socket option in the Linux kernel. A local user can send a specially crafted SCTP_GET_ASSOC_STATS socket option request to the kernel, which can cause a buffer overflow and lead to privilege escalation or denial of service.
Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to authenticated users, but will return all User objects in the database given the correct query.
Cam2pc is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Exploiting this issue could allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
Web Cookbook is vulnerable to multiple SQL Injection vulnerabilities. The application does not properly sanitize user-supplied input before using it in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are located in the 'searchrecipe.php' and 'showtext.php' scripts when processing the 'sstring', 'mode', 'title', 'prefix', 'preparation', 'postfix', 'tipp' and 'ingredient' parameters. An attacker can exploit these vulnerabilities to inject arbitrary SQL code to manipulate SQL queries and disclose sensitive information from the database. Additionally, the application is also vulnerable to a simple non-persistent XSS vulnerability when processing the 'sstring' parameter.
The vulnerability allows local attackers to compromise a vulnerable application. The vulnerability is located in the `tagscan.exe` module of the Yandex xdLab TagScanner v5.1 software. Local attackers are able to inject malicious code into the vulnerable `tagscan.exe` module to trigger a stack buffer overflow. The attack vector is located on the application side of the vulnerable software, and the request method to inject is local. The security risk of the local stack buffer overflow vulnerability is estimated as high, with a CVSS (Common Vulnerability Scoring System) score of 8.2. Exploitation of the local stack buffer overflow vulnerability requires a low-privilege application user account and no user interaction. Successful exploitation of the vulnerability results in application crash, memory corruption, process manipulation and compromise of the vulnerable application.