
Explore Vulnerabilities


Explore all Exploits:


A buffer overflow vulnerability exists in Investintech's SlimPDF Reader 1.0 when a specially crafted PDF file is opened. The vulnerability is caused by a boundary error when handling the 'startxref' keyword within the PDF file. This can be exploited to cause a stack-based buffer overflow by e.g. an overly long string of 'A' characters. Successful exploitation may allow execution of arbitrary code.

Kingview Touchview EIP direct control

Kingview Touchview is vulnerable to a buffer overflow attack when a malicious user sends a specially crafted packet to the vulnerable application. This packet contains a large amount of data which is then stored in a buffer, overwriting the adjacent memory. This can lead to arbitrary code execution.

Apple iTunes 10 Extended M3U Stack Buffer Overflow

This module exploits a stack buffer overflow in iTunes 10.4.0.80 to 10.6.1.7. When opening an extended .m3u file containing an "#EXTINF:" tag description, iTunes will copy the content after "#EXTINF:" without appropriate checking from a heap buffer to a stack buffer, writing beyond the stack buffer's boundary, which allows code execution under the context of the user.

SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution

The vulnerability is caused by all these scripts using "unserialize()" with user-controlled input. This can be exploited to e.g. execute arbitrary PHP code via the "__destruct()" method of the "SugarTheme" class, passing an ad-hoc serialized object through the $_REQUEST['current_query_by_page'] input variable.

Adobe Flash Player Object Type Confusion

This module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt AMF0 "_error" response, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack. According to the advisory, 10.3.183.19 and 11.x before 11.2.202.235 are affected.

Authentication Bypass and Password Disclosure

A vulnerability exists in the authentication processing module of the SoftPerfect Bandwidth Manager. According to the SoftPerfect FAQ page the system utilises an API consisting of HTTP and XML. Using a packet sniffer to monitor port 8701 we can see that the initial packet exchange for a blank password is:

POST / HTTP/1.0
Content-Type: text/xml
Content-Length: 100
Authorization: Basic YWRtaW46

<?xml version="1.0" encoding="windows-1252"?><request><command>getoptions</command></request>

This is Basic authentication with a username of admin and a blank password. When this software has no password set, any password seems to authenticate. This is interesting, but ultimately unusual in a proper environment. The bug exists in the authentication mechanism. I was initially going to fuzz the Basic string, only to find that it worked on my first try. Sending the following to the application will completely bypass any password in place (note the strong text in the Authorization line):

POST / HTTP/1.0
Content-Type: text/xml
Content-Length: 100
Authorization: Basic *AAAA*

<?xml version="1.0" encoding="windows-1252"?><request><command>getoptions</command></request>

The getoptions command includes dumping a cleartext password from the database to the connection.
