GnuPG fails to notify scripts when an invalid detached signature is presented, allowing attackers to bypass the signature-verification process.
This is a proof-of-concept exploit for the WinZip32 MIME Parsing Overflow bug. The exploit takes advantage of a buffer overflow vulnerability in WinZip 8.1 on Windows XP SP1 and Windows 2000 SP1. The exploit allows an attacker to control the EBX register and execute arbitrary code.
This exploit allows an attacker to perform command injection and execute arbitrary commands on the TRENDnet TEW-812DRU router. The vulnerability was discovered by Jacob Holcomb and Kedy Liu, security analysts at Independent Security Evaluators. The CSRF vulnerability is identified as CVE-2013-3098 and the multiple command injection vulnerability is identified as CVE-2013-3365. The exploit involves enabling port forwarding to the router's internal IP on port 23 and enabling telnet.
The dynasite3.2.2 application is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file from a remote server, leading to arbitrary code execution.
The Beehive Forum application fails to properly sanitize user-supplied input, leading to an SQL injection vulnerability. An attacker can exploit this vulnerability to bypass authentication and gain administrative access to the site. Other attacks may also be possible.
The GNOME Evolution email client is vulnerable to a denial-of-service attack when processing messages that contain inline XML file attachments with excessively long strings.
ZixForum is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This exploit allows an attacker to execute arbitrary code on a remote server running MDPro version 1.0.76. The vulnerability is based on a cookie called 'lang' that can be manipulated to execute commands on the server.
This exploit allows an attacker to execute remote code on a vulnerable e107 version 0.7.5. The vulnerability is found in the gsitemap.php file on line 19-28.
An attacker can nest BBCode IMG tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. Other attacks are also possible.
Services By CQR