This is a 0-day exploit for a vulnerability in the Advanced File Vault ActiveX control (eSellerateControl350.dll). It uses a heap spray technique to overwrite the return address of a function call with a pointer to the malicious shellcode. The shellcode is then executed, allowing the attacker to gain control of the system.
LibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to crash an application that uses the vulnerable library, denying service to legitimate users. Due to the nature of this issue, attackers may be able to execute arbitrary code, but this has not been confirmed.
Tycoon(CMS) is vulnerable to SQL injection. By sending a specially crafted request to the vulnerable application, an attacker can execute arbitrary SQL commands in the back-end database. This can be used to access or modify the data in the back-end database.
A vulnerability exists in Joomla Component com_neorecruit 1.4 (id) which allows an attacker to inject arbitrary SQL commands. This can be exploited to disclose sensitive information from the database, modify data, or potentially compromise the system by executing malicious commands.
The usr_img parameter in cgtestimonial.php (frontend) and in testimonial.php (admin, without checks) is not properly sanitised. A check is executed on the content-type HTTP field. The url parameter in video.php is not properly sanitised before being printed on screen.
A heap overflow vulnerability exists in Windows when using the GlobalAlloc() function. An attacker can exploit this vulnerability by supplying a malicious BITMAPINFOHEADER structure to the GlobalAlloc() function, which can lead to a heap overflow. This vulnerability is tracked by CVE-2008-0081 and is rated as critical with a CVSS score of 9.3.
The vulnerability exists due to the failure of the "user/main/update_user" script to properly verify the source of the HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability.
A user can execute arbitrary JavaScript code within the vulnerable application. The vulnerability exists due to the failure of the admin/update script to properly sanitize user-supplied input in the 'post[title]' variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability.
The vulnerability exists due to the failure of the "/user/update" script to properly verify the source of the HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability.
The vulnerability exists due to the failure of the "/application/modules/admin/controllers/users.php" script to properly verify the source of the HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability.