A vulnerability exists in AlstraSoft AskMe Pro, which allows an attacker to inject malicious SQL commands into the profile.php?id parameter. This can be exploited to gain access to the database and potentially disclose sensitive information.
Simple error-based / normal SQL injection in the 'aktkat=' parameter, e.g. http://server/kn.php?aktkat=16 [SQL INJECTION]. The number of columns varies.
For successful injection in this CMS, an attacker has to pass two steps. In the first step, the attacker has to enter a value in the Criteria field and click on the 'Go' button. If the data is loaded, the attacker can enter a value to define the first character of the AccName field of the Admins table. If the first character is 'a', the data will be loaded. If not, nothing will be loaded. The attacker can repeat this process to acquire the other characters and extract the admin's username and password.
MyHobbySite 1.01 is vulnerable to SQL injection and authentication bypass. An attacker can exploit this vulnerability by entering malicious SQL queries in the username and password fields, either ' union select 1,concat_ws(0x3a,id,username,password,email),3,4,5 from mhs_users-- - or ' or 1=1-- -. This vulnerability can only be exploited when magic_quotes_gpc is set to Off.
In the function http_parse_request_header, the application fails to perform a boundary check on a malformed buffer received as an HTTP command (HEAD/GET/POST) before using it as input for the logger variable in the swebs_record_log function. The exploit sends a malformed buffer as an HTTP command (HEAD/GET/POST) to the vulnerable application.
DBServer.exe and DBTools.exe are prone to a local denial of service caused by a NULL pointer dereference. Correct manipulation of the .4DC file format should allow attackers to exploit this issue to crash the application, denying service to legitimate users. Due to the nature of this issue, attackers may be able to execute arbitrary code locally, but this has not been confirmed.
The first three URLs are vulnerable to SQL injection. The fourth URL is vulnerable to stored XSS attack. The fifth and sixth URLs are vulnerable to CSRF attack.
This exploit targets a buffer overflow vulnerability in Microsoft Office Word 2007 SP2. It is triggered when a specially crafted Word document is opened. The vulnerability is caused by a lack of proper bounds checking of the sprmCMajority and sprmPAnld80 fields in the Word document. This can allow an attacker to execute arbitrary code on the target system.
The POST variable send-email[recipient] is vulnerable in /symphony-2.0.7/about/ and the POST variable fields[website] is vulnerable in /symphony-2.0.7/articles/a-primer-to-symphony-2s-default-theme/.
A memory corruption vulnerability was confirmed by the Chromium Security Team. The original stack trace showed a null pointer dereference, but some pointers were also corrupted.