
Explore Vulnerabilities

Explore all Exploits:

Elcom CommunityManager.NET Auth Bypass Vulnerability – Security Advisory – SOS-10-004

The web application uses cookie parameters passed via HTTP requests to identify which user is logged in. Authentication routines can be bypassed by simply appending the below POC string to a cookie which already contains a valid ASP.NET session ID. The value given to the various cookie parameters indicates the specific user ID for the application user the attacker wishes to impersonate.

MaticMarket 2.02 for PHP Nuke LFI Vulnerability

MaticMarket 2.02 for PHP Nuke has a Local File Inclusion (LFI) vulnerability. An attacker can exploit it by sending an HTTP request containing crafted input to the vulnerable application. This can allow the attacker to read sensitive files from the server, such as the /etc/passwd file.

Word Splash Pro <= 9.5 Buffer Overflow -EggHunter-

Word Splash Pro is vulnerable to a stack-based buffer overflow when a specially crafted file is imported. The vulnerability is caused by a boundary error when importing a file that contains an overly long string, which overwrites the saved return address with an attacker-supplied address. Successful exploitation can result in arbitrary code execution in the context of the application.

inoutwebmail Persistent Xss Vulnerability

The vulnerability exists because the script fails to properly sanitize user-supplied input. Successful exploitation could result in a compromise of the application and disclosure or modification of sensitive data. The XSS vulnerability exists in 'contacts' and 'emailfilter'. The attacker can also send malicious XSS scripts to users of this application. Attack parameter: '><script>alert('xss')</script>'

Joomla com_jeauto LFI Vulnerability

Users can see the categories on the front page, with items (cars) displayed by category. Clicking a category displays the items in that category, and clicking an item (car) displays its full description. Users can see the items on the Google Map and can rate a particular item (car) through an Ajax rating control. The admin can set the design of the category page, item (car) page and item (car) detail page from the back end, and can also create fields dynamically from the back end.

Oto Galery v1.0 Multiple SQL injection Vulnerabilities

Oto Galery v1.0 is vulnerable to multiple SQL injection vulnerabilities. The vulnerable parameters are 'carsdetail.asp?arac' and 'twohandscars.asp?marka'. An attacker can exploit these vulnerabilities to gain unauthorized access to the application and its underlying database.

WebScript Mafia Game Script (profile.php) <<= SQL injection Vulnerability

The vulnerability exists in the profile.php file of the WebScript Mafia Game Script, which allows an attacker to inject malicious SQL queries into the application. The vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable application. This can result in the execution of arbitrary SQL commands in the back-end database, potentially resulting in the manipulation or disclosure of application data.

Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation

The custom_method file allows injecting custom ACPI methods into the ACPI interpreter tables. This control file was introduced with world-writable permissions in Linux Kernel 2.6.33. This vuln allows us to write custom ACPI methods and load them into the kernel as an unprivileged user. We compile some fancy ASL down to AML that overrides the ACPI method used when the status of the LID device is queried (e.g. 'open' or 'closed' lid on a laptop). When the method is triggered, it overlays an OperationRegion on the physical address where sys_futimesat is located and overwrites the memory via the Store to escalate privileges whenever sys_futimesat is called.

Recent Exploits: