The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.
This exploit is for AoAAudioExtractor 2.0.0.0 ActiveX. It is a proof of concept exploit that uses a string of 2048 'A' characters, followed by 4 'B' characters, 4 'C' characters, 100 'D' characters, and 100 'E' characters as arguments to the InitLicenKeys method of the ActiveX control. This causes a SEH overwrite, allowing arbitrary code execution.
Joomla Component (com_yellowpages) is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'cat' in the URL. This can allow the attacker to gain access to the database and extract sensitive information.
Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file.
A Blind SQL Injection vulnerability exists in the Php Nuke 8.x.x web application. This vulnerability allows an attacker to inject malicious SQL queries into the application, which can be used to gain access to sensitive information stored in the database. The vulnerability exists in the 'modules/Web_Links/index.php' file, specifically in the 'Add' function. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the application, which contains malicious SQL code in the 'url' parameter. This will cause the application to execute the malicious code, allowing the attacker to gain access to the database.
Visual MP3 Splitter & Joiner 6.1 is vulnerable to a denial of service attack when a maliciously crafted .mp3 or .wav file is opened. This causes the application to crash.
dBpowerAMP Audio Player 2 is prone to a buffer overflow vulnerability when handling specially crafted arguments passed to the 'Enque' property of the 'target' ActiveX control. An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
This exploit allows an attacker to download the database of the Kleeja 1.0.0RC6 application. The attacker can send a GET request to the admin.php page with the cp=bckup parameter and a cmd parameter containing the command to be executed. The command is then executed and the output is included in the database backup file.
This exploit is a local denial of service vulnerability in the QQ Computer Manager TSKsp.sys driver. It is triggered by sending a DeviceIoControl call to the driver with a specific parameter. This causes the driver to crash, resulting in a denial of service.
myMP3-Player 3.0 is vulnerable to a buffer overflow vulnerability when a specially crafted .m3u file is opened. This can be exploited to execute arbitrary code by overwriting the return address with a pointer to the shellcode.
Services By CQR