Caner Hikaye Scripti is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
A buffer overflow vulnerability exists in the Tags property of the SapGUI BI ActiveX control (wadmxhtml.dl) when processing a specially crafted HTML page. An attacker can exploit this vulnerability to execute arbitrary code in the context of the user running the affected application. This vulnerability affects SapGUI BI versions 7100.1.400.8 and prior.
Unreal Tournament III is currently the latest game (2007) of the Unreal series created by Epic Games. The game implements a command called STEAMBLOB, which is handled in every case, even if Steam is not running. This command accepts three arguments, C, N and B, and the last one (whatever value it has) causes a problem in the handling of some pointers that are left uninitialized. The effect is a crash of the whole server due to an access to invalid memory or a NULL pointer. A single UDP packet is enough to exploit the vulnerability, so there are no limitations.
A vulnerability in Microsoft Internet Explorer 7.0 allows attackers to cause a denial of service (DoS) by exploiting multiple insecure ActiveX controls in Microsoft Clip Organizer. The vulnerability is caused by an error in the processing of certain ActiveX controls when they are used in a web page. This can be exploited to cause a DoS condition by crashing the browser.
This module exploits a stack overflow in 3.0.8 MoreAmp Beta. By creating a specially crafted .conf file, an attacker may be able to execute arbitrary code.
A user can bypass authentication by entering 'something' as the username and ' OR '1'='1' as the password.
AIXCOREDUMP.PL is an exploit that creates a coredump including the root user hash from /etc/security/passwd. The resulting file is scrambled, and the user needs to search it for DES-looking crypto keys. This exploit was successfully tested on IBM AIX 5.1; it was discovered and exploited by Kingcope in July 2010.
This proof of concept exploits a vulnerability in Really Simple IM version 1.3 beta, which uses UDP to send and receive messages. It broadcasts everything, and picks up everything on port 54533. The exploit sends a 'p' command with a buffer of 'W00T' followed by 10000 'A' characters, which causes all clients in the same subnet to crash.
This exploit targets a format string vulnerability in the rpc.pcnfsd service. It sends a malicious string to the service, which then uses that string in a call to the syslog function, resulting in the execution of arbitrary code. The exploit has been tested against AIX 6.1.0 and lower.
Check Point Vulnerability Discovery Team (VDT) discovered a GhostScript 8.70 exploit for FreeBSD 8.0. The exploit uses a 214-byte shell_bind_tcp shellcode encoded with x86/alpha_upper. It creates an evil PDF with a buffer of 1200 bytes and appends the shellcode at the end of the buffer. The exploit is triggered when the PDF is opened.