The vulnerability exists due to improper handling of the URI length within the 'NMMediaServer.dll' dynamic-link library. A remote attacker can send a specially crafted HTTP request at least 500'000 characters long to port 54444/TCP (Nero MediaHome server's default port) and cause a stack-based buffer overrun that will immediately crash the Nero MediaHome server.
This module exploits a vulnerability found in the Honeywell Tema ActiveX Remote Installer. This ActiveX control can be abused by using the DownloadFromURL() function to install an arbitrary MSI from a remote location without checking source authenticity or notifying the user. This module has been tested successfully with the Remote Installer ActiveX installed with Honeywell EBI R410.1 - TEMA 5.3.0 and Internet Explorer 6, 7 and 8 on Windows XP SP3.
This module exploits a vulnerability in Microsoft Internet Explorer. A memory corruption may occur when the Option cache isn't updated properly, which allows other JavaScript methods to access a deleted Option element, and results in code execution under the context of the user.
This module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any Ruby code remotely in the context of the application.
This module exploits an authentication bypass vulnerability in eXtplorer versions 2.1.0 to 2.1.2 and 2.1.0RC5 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to any writable directory in the web root. This module uses an authentication bypass vulnerability to upload and execute a file.
This exploit uses a leak to bypass ASLR without needing any non-ASLR DLLs. It is tested on Windows 7 (x86) - IE 8.0.7601.17514 and an old version of the exploit is available at https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24017-old.zip.
An attacker can exploit a SQL injection vulnerability in WeBid 1.0.6 by sending unsanitized POST input from two different parameters (total and cart_order_id) to the toocheckout_validate() function. This allows an attacker to retrieve data using a time-based blind injection technique or by updating a pre-existing value to the output of an embedded query.
It has been found that Watson Management Console is prone to a directory traversal vulnerability. The issue is due to the server's failure to properly validate user-supplied HTTP requests. This issue may allow an attacker to escape the web server root directory and view any web server readable files. Information acquired by exploiting this issue may be used to aid further attacks against a vulnerable system.
The Free Blog 1.0 application is vulnerable to arbitrary file upload and deletion. An attacker can upload a malicious file to the server and execute it. The attacker can also delete any file from the server.
Websitebaker Add-on 'Concert Calendar 2.1.4' is prone to XSS and SQLi vulnerabilities. Both are present in the view.php file, where the 'date' parameter is not properly sanitized. An attacker can exploit them by sending a crafted HTTP request with a malicious 'date' parameter: one containing JavaScript code for the XSS vulnerability, or one containing a SQL query for the SQLi vulnerability.