Minify4Joomla is a PHP5 app that can combine multiple CSS or JavaScript files, compress their contents, and cache them on demand to speed up page loads. An attacker can exploit the vulnerability by registering and submitting an article with an XSS attack pattern, which will be stored in the database and executed when the article is viewed.
IXXO Cart is an extremely powerful PHP shopping cart and web site builder application. Designed from a marketing perspective, this ecommerce application is feature-packed, robust, scalable and easy to use. A SQL injection vulnerability exists in the application, which can be exploited by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow an attacker to gain unauthorized access to the application and its data.
This exploit targets a buffer overflow vulnerability in MP3 Cutter 1.5. The vulnerability is caused by a boundary error when handling ASX files. By creating a specially crafted ASX file, an attacker can cause a stack-based buffer overflow, which can be exploited to execute arbitrary code.
The games are affected by an integer overflow in the handling of a particular type of packet, which performs the following operations: takes the number from a 16-bit field (offset 4), multiplies it by 1300, takes the 32-bit number after it at offset 6, subtracts the first number from the second one, checks if the result is bigger than the size of the packet (signed), and performs a byte-per-byte copy on a heap buffer. In some types of packets an 8-bit value is used for accessing an array used for internal operations (pointers and so on). By setting particular values for that 8-bit field it is possible to crash the server during these internal operations.
Microsoft OWA for Exchange 2007 implements no protection against CSRF, meaning that any web page visited by an authenticated user can trigger valid requests towards OWA and completely pwn the victim's mail account. This can be done by setting a filter (e.g. a forward rule) for all incoming e-mails or by setting a remote wipe of the mobile device (e.g. iPhone) used to access the mail account.
ClickGallery Server is a full-featured online image gallery application. It supports multiple user accounts with the ability to have public/private galleries. An attacker can exploit a SQL injection vulnerability in the application by sending malicious SQL queries to the server via the 'currentpage' parameter in the 'gallery.asp' page.
The TYPE command in Windows is equivalent to cat in *nix. It simply outputs the contents of a file to stdout. If you use TYPE in conjunction with the device file CON, you can feed stdin into a file. Example: TYPE CON > evil.txt. CON is also interpreted as a file, so you can append an extension to it. Supplying an overly large extension will overflow the structured exception handler. This buffer overflow is not exploitable since cmd.exe and its DLLs are all compiled with SafeSEH.
KMSoft GB is vulnerable to SQL injection. An attacker can inject malicious SQL queries into the vulnerable parameter 'p' in the URL http://www.site.org/demo/KmsoftGB/default.asp?p=2[sqli], which can be used to access or modify the contents of the database.
PG Social Networking lets users start their own Social Networking Site with many advanced features. With the Social Networking Software, members can create profiles, search for others, instant message each other, and much more. An exploit exists that allows attackers to upload a shell as an image file.
Inout Adserver is a powerful, feature-rich, fully customizable PayPerClick advertiser/publisher networking script from inoutscripts.com. Advertisers can register with the adserver and post their text or banner PayPerClick (PPC) ads. Publishers can generate HTML code corresponding to their preferred style and paste it into their web site to show ads relevant to their page content. An unprivileged user could be able to upload a shell and take over control.