DBHcms is an open-source content management system for personal and small-business websites. An attacker can exploit a SQL injection vulnerability in DBHcms 1.1.4 by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
Pulse Pro 1.4.3 contains a persistent (stored) XSS vulnerability. An attacker can inject a malicious XSS payload into the 'Edit Profile' page of the application. After logging out and logging in again, the XSS payload is executed.
HP Data Protector Media Operations has an embedded HTTP server that provides user access over this protocol. A flaw was detected in this implementation that causes a remote, pre-authentication denial of service: an integer overflow when handling the length of a string sent via the POST method. The integer overflow causes an unexpected variable initialisation (reset to 0) followed by a dereference of that variable (NULL dereference), crashing the server and thus denying service to legitimate users.
A denial of service vulnerability exists in AnyDVD version 6.7.1.0 and earlier. By creating a specially crafted REGEDIT4 file, an attacker can cause a denial of service condition when the file is opened. The file must contain a REGEDIT4 header followed by a registry key containing a large string of 'A' characters.
This vulnerability allows an attacker to cause a denial of service condition in RarmaRadio by creating a specially crafted .m3u file containing a large number of 'A' characters. When the file is opened with RarmaRadio, the application crashes.
The GNU C library dynamic linker will ignore requests to preload user specified libraries for setuid/setgid programs. However, it is possible to imagine legitimate use cases for this functionality, so the glibc developers provide an exception to this rule. LD_PRELOAD is a whitespace-separated list of additional, user-specified, ELF shared libraries to be loaded before all others. This can be used to selectively override functions in other shared libraries. For set-user-ID/set-group-ID ELF binaries, only libraries in the standard search directories that are also set-user-ID will be loaded. This feature allows developers who design their programs to operate safely while running as setuid to opt-in to doing so. Bizarrely, the same conditions do not apply to LD_AUDIT, which will load an arbitrary DSO, regardless of whether it has been designed to operate safely or not. While the dynamic loader will only use a library that exports the dynamic symbols required by the rtld-auditing API, it must first dlopen() the library in order to examine the exported symbols. By definition, this must execute any defined initialization routines. This confusion can be exploited by locating a DSO in the trusted search path with initialization code that has not been designed to operate safely in a privileged context.
A denial of service vulnerability exists in Spider Player version 2.4.5. By creating a specially crafted .m3u file containing 666666 'A' characters, an attacker can cause the application to crash.
Altova DatabaseSpy 2011 Enterprise Edition suffers from a buffer overflow/memory corruption vulnerability when handling project files (.qprj). The issue is triggered because there is no boundary checking of some XML tag property values, e.g. <Folder FolderName="SQL" Type="AAAAAAA...."/> (~1000 bytes). This can allow an attacker to execute arbitrary machine code in the context of an affected node (locally and remotely) via file crafting or computer-based social engineering.
A parameter is not properly sanitised before being used in a SQL query. Exploiting this vulnerability does not require being logged in. Successful exploitation requires that the first part of the injection (271 in the sample code) be a valid product number (see the product list).
Shockwave Player is a plug-in for loading Adobe Director movie files into the browser. Director movies use the DIR format or the compressed DCR format. The DIR file format is RIFF-based. Such files start with a 4-byte RIFX identifier followed by the length of the file; chunks then follow, each formatted as a 4-byte chunk identifier, the chunk size, and the chunk data. Some of the chunk identifiers are tSAC, pami, and rcsL. With the help of our simple fuzzer, we manipulated a Director movie file and found a vulnerability in part of an existing rcsL chunk. The vulnerability is in the cmp eax, 0FFFFFFFFh instruction. If the value of eax is 0FFFFFFFFh, the cmp instruction sets the zero flag. If the zero flag is set, the jz instruction jumps to loc_681229C2.