This exploit is a buffer overflow vulnerability in the idaiehlp.dll BHO (Browser Helper Object) for Internet Download Accelerator. The vulnerability is triggered when a maliciously crafted argument is passed to the NotSafe() method of the idaiehlp.dll BHO. This can lead to arbitrary code execution on the vulnerable system.
QQPlayer 2.3.696.400p1 is vulnerable to a denial of service attack when a specially crafted .wav file is opened. The crafted file contains a header followed by a large number of 'A' characters. When the file is opened, the application will crash.
This exploit is a Remote Blind SQL Injection exploit for ColdGen - coldusergroup v1.06. It uses parameters ArticleID & LibraryID to exploit the vulnerability. It also has XSS in the search.
ColdGen's coldofficeview v2.04 is vulnerable to Remote Blind SQL Injection. This vulnerability can be exploited by sending a maliciously crafted HTTP request to the vulnerable application. The PoC's provided demonstrate how an attacker can use the EventID and UserID parameters to inject malicious SQL code into the application.
ColdGen's coldbookmarks v1.22 is vulnerable to a remote SQL injection vulnerability. This vulnerability allows an attacker to inject arbitrary SQL code into the application. This can be exploited to gain access to the database and potentially gain access to sensitive information.
A buffer overflow vulnerability exists in Novell Netware NWFTPD.NLM 5.09.02 (Netware 6.5 SP8). A remote attacker can send a specially crafted DELE command with an overly long argument to trigger a stack-based buffer overflow and execute arbitrary code on the target system.
DynPage allows you to edit Websites online and make pieces of contents editable with a comfortable editor. DynPage implements the CKeditor - one of the best Internet editors. The integration of content into the HTML pages can be done with Ajax/Javascript or PHP - so you can also handle cross domain sites. DynPage is written in PHP and does not require MySQL database. It's easy to install and to configurate. Local File Disclosure vulnerability exists due to insufficient validation of user-supplied input in the 'file' parameter of '/content/dynpage_load.php' script. This can be exploited to disclose sensitive information from arbitrary files via a direct request. Admin hash Disclosure vulnerability exists due to the default password is admin,that stored in config_global.inc.php(line 41-42 ) and the hash password stored as SESSION in /conf/init.inc.php.
If a user is allowed to leave a comment or book an event, they can inject Javascript Code in their comment or in the fields [Name], [Email], [Phonenumber], [Comment]. The code will be displayed below the event or in the Wordpress Backend.
A vulnerability exists in Joomla Component Aardvertiser 2.1 free, which allows an attacker to inject malicious SQL queries via the 'cat_name' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database.
The Real Estate & Rental Property Website includes a web application that provide realtors with the ability to add both For Sale & For Rent properties to the web site using powerful forms that are easy to use and provides visitors with the ability to browse or search those properties. The web application's administration tool allows for easy updates of properties with image upload, category management, listing management, mailing list management, and much more. The vulnerability is demonstrated by the demo URL http://server/detail.asp?ad_ID=[sqli].
Services By CQR