Freeway is the most advanced Open Source eCommerce platform and includes an array of features not found in extremely expensive commercial systems. Without having to purchase a commercial system and then pay a developer to build a custom installation, Freeway does most of what you need out of the box. For example, instead of getting dragged into purchasing an overpriced product-based system and having a developer struggle for weeks and eventually fail to force product sales into event sales, Freeway already supports events AND services AND subscriptions. Freeway is, however, affected by an SQL injection vulnerability: an attacker can exploit it by sending a maliciously crafted HTTP request to the vulnerable server, which can lead to the execution of arbitrary SQL commands.
Plogger is vulnerable to a remote file disclosure vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. By manipulating the 'src' and 'w' or 'h' parameters, an attacker can read arbitrary files from the server. This vulnerability affects Plogger versions prior to 1.0.2.
The vulnerability exists in the CSC_ServerXControl class and all of its members. When an overly long string is parsed while the control is listening for an incoming connection, the application crashes along with IE, corrupting memory.
Xion 1.0.125 is vulnerable to a stack-based buffer overflow when a specially crafted .m3u file is opened. The vulnerability is caused by a boundary error when copying user-supplied data into a fixed-length stack buffer. It can be triggered by, for example, tricking a user into opening a specially crafted .m3u file.
Mediacoder 0.7.5.4710 is vulnerable to a buffer overflow. The vulnerability is triggered when a maliciously crafted .m3u file is loaded and clicked on. The flaw was discovered by Abhishek Lyall and the exploit was coded by Dr_IDE. It uses a 534-byte shellcode that launches calc.exe.
This exploit allows an attacker to change the admin password of the Kleeja software via a CSRF attack. The attacker crafts a malicious HTML page containing a form with the new admin credentials that submits to the vulnerable URL. This changes the admin password and gives the attacker access to the admin panel.
CombiWave Lite v4.0.1.4 is vulnerable to a denial of service attack when a specially crafted .mws file is opened. The application will crash when the file is opened, denying service to legitimate users.
This exploit is for JaMP Player v4.2.2.0, which is vulnerable to a denial of service attack. The vulnerability is triggered when a specially crafted .m3u file is opened, causing the application to crash. No CVE has been assigned to this vulnerability.
A buffer overflow vulnerability exists in Easy FTP Server v1.7.0.11 when handling specially crafted commands such as DELE, STOR, RNFR, RMD, and XRMD. An attacker can exploit this vulnerability by sending a specially crafted command with a payload of 268 bytes or more. This will overwrite the EIP register and allow the attacker to execute arbitrary code.
KnowledgeTree 3.5.2 Community Edition is vulnerable to a persistent (stored) XSS vulnerability. It can be exploited by entering malicious JavaScript code into the search box or search criteria and saving the search. Saved searches can be shared with all users, so the injected JavaScript is served to every user who loads them. To reproduce, load http://localhost/dashboard.php or http://localhost/search2.php?action=searchResults, enter <script>alert('moo')</script> in the textbox, and save the search. Loading the saved search then executes the script.