Explore Vulnerabilities

Explore all Exploits:

MDPro SQL Injection Vulnerability

MDPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Flip4Mac Remote Memory-Corruption Vulnerability

Flip4Mac is prone to a remote memory-corruption vulnerability because the application fails to properly handle malformed WMV files. An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

Vivvo Article Management CMS SQL Injection Vulnerability

The Vivvo Article Management CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Apple Installer Format String Vulnerability

Apple Installer is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. A successful attack may crash the application or possibly allow the attacker to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.

FD Script Information Disclosure Vulnerability

The FD Script application fails to properly sanitize user-supplied input, which can be exploited by an attacker to retrieve arbitrary files from the vulnerable system. This vulnerability exists in FD Script 1.32 and prior versions. By sending a specially crafted request to the 'download.php' script with a manipulated 'fname' parameter, an attacker can retrieve sensitive information from the targeted system, potentially aiding in further attacks.

PHPUpdate <= 2.7 extract() auth bypass / shell inject

PHPUpdate version 2.7 and below is vulnerable to authentication bypass and shell injection. This exploit works regardless of the php.ini settings and against the flat-file version of PHPUpdate. By sending a specially crafted packet to the target server, an attacker can execute arbitrary commands on it.
