Xion Audio Player 1.0.127 is vulnerable to a denial of service attack when a malicious .aiff file is opened. The malicious file contains a FORM header followed by an AIFFCOMM header and an 'A' character. When the file is opened, the program crashes due to an access violation while writing to 00000020.
This module exploits a stack-based buffer overflow in NetOp Remote Control 9.5. Opening a .dws file containing a specially crafted string longer than 520 characters allows an attacker to execute arbitrary code.
Sysax Multi Server version 5.57 and prior are affected by a post-authentication directory traversal vulnerability. An attacker can exploit this vulnerability to traverse the directory structure and access sensitive files on the server.
Simple Php Agenda 2.2.8 (and lower) is affected by a CSRF Vulnerability which allows an attacker to add a new administrator, delete an existing administrator, create/delete a new event and change any other parameters. In this document, the author demonstrates how to add a new administrator, delete an existing administrator, add a new event, and delete an existing event.
This exploit is for BlazeVideo HDTV Player 6.6 Professional. It is a buffer overflow vulnerability that can be exploited by sending a maliciously crafted packet to the vulnerable application. The exploit will overwrite the SEH and DEP registers and bypass ASLR. It will then execute a shellcode to gain remote access to the system.
SnackAmp 3.1.3 is vulnerable to a denial of service attack when a malicious AIFF file is opened. The application will crash when the malicious file is opened.
Foxplayer 2.6.0 suffers from a denial of service vulnerability when opening a malicious .m3u file.
A remote SQL injection vulnerability was discovered in the BuddyPress plugin for WordPress. An attacker could exploit this vulnerability by sending a specially crafted HTTP POST request to the wp-load.php file, containing malicious SQL code in the action parameter. This could allow the attacker to execute arbitrary SQL commands on the vulnerable system.
[WN]KT KickTipp 3.1 is an add-on for the Woltlab Burning Board 2.2 / 2.3 web application for forum systems. In this add-on we found a remote SQL injection vulnerability in the kt_main.php file. The vulnerability is high risk and has not been fixed by the coder. On most systems you must log in to perform the remote SQL injection.
A missing password field or an empty password in the AUTHENTICATECONNECTION command required to log in leads to a NULL pointer dereference in the DPA_Utilities.cProcessAuthenticationData function.