Explore Vulnerabilities

Explore all Exploits:

Fashione E-Commerce Webshop Multiple SQL Injection Vulnerabilities

Multiple SQL Injection vulnerabilities exist in Fashione E-Commerce Webshop, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerabilities are present in the 'brandid', 'plu' and 'page_id' parameters when sending a request to the affected script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

JMD-CMS Multiple Remote Vulnerabilities

JMD-CMS Alpha 3.0.0.9 has multiple vulnerabilities: (1) arbitrary file upload through FCKEditor and (2) persistent XSS. With the first vulnerability, an attacker can upload any file through http://localhost/jmdcms/FCKeditor/editor/fckeditor.html or http://localhost/jmdcms/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/aspx/connector.aspx, and the files will be stored in http://localhost/UserFiles/Image/. The second vulnerability is a persistent XSS in the Caption field of the page http://localhost/jmdcms/addPage.aspx?Parent_Page=default, which is accessible to Admin.

Joomla Component com_restaurantguide Multiple Vulnerabilities

It is possible to inject HTML/JS/VBS code into the document although XSS filters are active. Additionally, triggering various error messages in the admin panel is possible, as well as playing around with the controller variable.

xt:Commerce Gambio 2008 – 2010 ERROR Based SQL Injection ‘reviews.php’

xt:Commerce Gambio 2008 - 2010 is vulnerable to an error-based SQL injection. The vulnerability exists in the 'product_reviews_info.php' script, which takes the 'products_id' parameter and does not properly sanitize it before using it in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, and can be used to bypass authentication and gain access to the admin panel.

Bmp crash, Microsoft Paint

A BMP file is a bitmap image file used to store bitmap digital images, independently of the display device (such as a graphics adapter), especially on Microsoft Windows and OS/2 operating systems. This vulnerability allows an attacker to crash Microsoft Paint by sending a specially crafted BMP file. This vulnerability affects Windows XP and Windows Server 2003.

DJ Studio Pro Version 8.1.3.2.1 SEH 0 day

DJ Studio Pro Version 8.1.3.2.1 is vulnerable to a SEH buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted .pls file to the victim. The crafted .pls file contains an egg hunter shellcode followed by a payload. The egg hunter searches memory for the egg, which is followed by the payload. The payload contains malicious code, which is executed when the victim opens the .pls file.

BACnet OPC Client Buffer Overflow Exploit

A buffer overflow vulnerability in BACnet OPC Client allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused by a boundary error when handling specially crafted BACnet packets. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted packet sent to the affected system. Successfully tested on Windows XP Service Pack 3 with BACnet OPC Client 1.0.24.

Ac1dB1tch3z Vs Linux Kernel x86_64 0day

This exploit has been tested very thoroughly over the course of the past few years on many many targets. It adds support for getsockopt for MCAST_MSFILTER for both IPv4 and IPv6. It depends on the previous setsockopt patch, and uses the same method.

Linux Kernel IA32 Syscall Emulation Exploit

This exploit is used to gain root privileges on x86_64 Linux kernel systems. It was rediscovered by Ben Hawkes with help from Robert Swiecki and Tavis Ormandy. The original vulnerability was discovered by Wojciech Purczynski and the original exploit was created by Robert Swiecki, Przemyslaw Frasunek, and Pawel Pisarczyk. The kernel privilege escalation code was borrowed from Spender. The exploit works by replacing the ia32_syscall entry in the sys_call_table with a call to the kernelmodecode function. This function calls the commit_creds and prepare_kernel_cred functions to gain root privileges.

Recent Exploits: