QQPlayer cue File Buffer Overflow Exploit is a vulnerability in QQPlayer which allows an attacker to execute arbitrary code by overflowing a buffer in the application. The vulnerability is caused due to a boundary error when handling cue files. By sending a specially crafted cue file, an attacker can cause a buffer overflow and execute arbitrary code.
RapidLeech scripts are vulnerable to remote file upload. An attacker can upload a malicious file to the server by changing the name of the shell code to shell.php.001 or shell.php.00 and then accessing it via the URL http://site.com/0x14/shell.php.001 or http://site.com/0x14/shell.php.00
QQPlayer is vulnerable to a buffer overflow when processing specially crafted .asx files. An attacker can exploit this vulnerability by sending a malicious .asx file to the victim, which when opened, will cause a buffer overflow and execute arbitrary code on the victim's machine. The vulnerability affects QQPlayer versions <=2.3.696.400p1 and is triggered when a specially crafted .asx file is opened. The payload used in this exploit is calc.
A cross-site request forgery vulnerability in Microsoft Office Outlook Web Access for Exchange Server 2003 can be exploited to add an automatic forwarding rule (as PoC) to the authenticated user's account.
Imagine-cms version 2.50 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the application's database, including usernames and passwords stored in plaintext. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'page' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'select_db' parameter to the 'login_chat.php' script. A remote attacker can send a specially crafted HTTP request containing an arbitrary file name in the 'select_db' parameter, which will be included and executed by the vulnerable script. This can be exploited to execute arbitrary PHP code on the vulnerable system.
Through a malformed packet is possible to corrupt the memory of the game with effects that seem to suggest the possibility for an attacker to do something more than the crashing of the server. Indeed the problem affects some function pointers so it's not exclude the possibility to execute arbitrary code.
A vulnerability exists in Joomla Component com_spa, which allows an attacker to inject malicious SQL commands via the 'pid' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can result in the disclosure of sensitive information from the database, such as usernames and passwords.
A vulnerability exists in Mayasan Portal v2.0, which allows an attacker to inject arbitrary SQL commands into the 'haberdetay.asp?id' parameter. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Mayasan Portal v2.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
Services By CQR