This vulnerability allows an attacker to cause a denial of service (DoS) by creating a malicious AVI file and opening it in Winamp v5.571(x86). The malicious AVI file is a zero size file which causes a crash when opened in Winamp. The status of this bug can be found at http://forums.winamp.com/showthread.php?s=&threadid=316000. The code works on Python 3.0. To make it work on <3.0 remove braces in print.
Subdreamer Pro v3.0.4 CMS is vulnerable to an upload vulnerability. An attacker can register an account at http://127.0.0.1/index.php?categoryid=4 and then upload a malicious file to http://127.0.0.1/index.php?categoryid=2&p17_sectionid=2&p17_action=submitimage
MemDb Multiple Remote Dos is a vulnerability that allows an attacker to cause a denial of service (DoS) condition on a vulnerable server by sending a specially crafted HTTP request with an overly long 'Host' header. This vulnerability affects MemCompany v1.0, Memdb Memory Database System v1.02, and Memdb Online Survey Sistem v2006.
A buffer overflow vulnerability exists in GSM SIM Utility 5.15, which allows an attacker to execute arbitrary code by sending a specially crafted SMS file. The vulnerability is due to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can exploit this vulnerability by sending a specially crafted SMS file to the vulnerable application, which can result in arbitrary code execution.
CMSQLite and CMySQLite have CSRF vulnerabilites in the admin panel. Attacker can change the password of the admin.
The I-net Multi User Email Script has a SQL Injection vulnerability which can be exploited by sending malicious SQL queries to the vulnerable parameter 'uid' in the URL 'http://server/products/2daybizemail/php121_editname.php?uid=[sqli]'.
iBoutique.MALL is a powerful and flexible multi merchants php mall solution. It makes possible for the merchants to signup and create their online stores with ease. They could start selling their good within minutes without having any html knowledge. iBoutique.MALL offers a lot of useful functionalities for both merchants (to manage their product inventory and payments, invoice generation, statistics, ...) and administrators, to control the whole system. The exploit is demonstrated by a URL http://server/path/index.php?mod=products&cat=[sqli]
This exploit is a remote code execution vulnerability in UFO: Alien Invasion v2.2.1 IRC Client on MacOSX. It uses a combination of msfpayload and msfencode to generate a shellcode payload, which is then sent to the vulnerable application via an IRC message. The payload is then executed on the target system, allowing the attacker to gain remote access.
PageDirector Script Contains A SQL Injection Vulenrability In (Index.php) where an attacker can inject a malicious SQL query in the 'id' parameter. PageDirector Script Can Bypass The Login Page Of Admin And Add A New User by accessing the adduser.php page with the 'mode' parameter set to 'Add'.
PTCPay GEN4 is vulnerable to SQL injection in the buyupg.php page. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious SQL query to the buyupg.php page. This will allow the attacker to extract sensitive information from the database, such as the admin username and password.
Services By CQR