A format string vulnerability exists in SonicWALL E-Class SSL-VPN ActiveX Control versions 5.9.0.0 and earlier. An attacker can exploit this vulnerability by sending a specially crafted format string to the vulnerable application. This can result in arbitrary code execution on the affected system.
A vulnerability in vBulletin 4.0.4 allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'GLOBALS[]' parameter in 'forumdisplay.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary code on the system with the privileges of the web server process. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
A buffer overflow vulnerability exists in RockN_Wav Editor 1.8, which could allow an attacker to execute arbitrary code on the target system. The vulnerability is due to a lack of proper bounds checking when handling a specially crafted .wav file. An attacker can exploit this vulnerability by enticing a victim to open a malicious .wav file, resulting in arbitrary code execution.
This exploit is a Denial of Service (DoS) vulnerability in the httpdx v1.5.4 FTP server. It crashes the server by sending a USER anonymous command in a loop. Upon crash, it throws an Access violation when writing to [00230000].
This exploit uses SEH to gain code execution, while EDB 14676 uses a direct EIP overwrite which is operating system specific.
Opening crash.vbs in VbsEdit will cause VbsEdit to crash consistently.
User-supplied variable 'generator' is copied to a 128 byte buffer 'query' which causes an off-by-one overflow. The vulnerable code is the snprintf statement which copies the 'generator' variable to the 'query' variable.
A-PDF WAV to MP3 Converter 1.0.0 is vulnerable to a stack buffer overflow vulnerability when processing specially crafted .m3u files. An attacker can exploit this vulnerability by sending a specially crafted .m3u file to the victim, which will cause the application to crash and potentially execute arbitrary code on the victim's system.
This vulnerability allows an attacker to include a remote file on the web server. This can be exploited to execute arbitrary PHP code on the vulnerable system. The vulnerability is located in the 'themes/default/index.php' script with the 'meta' and 'phpincdir' parameters.
A buffer overflow vulnerability exists in Brazip 9.0 when handling .zip files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is due to a lack of proper validation of user-supplied input when handling .zip files. An attacker can exploit this vulnerability by enticing a user to open a specially crafted .zip file. Successful exploitation could result in arbitrary code execution in the context of the application.
Services By CQR