PHP Calendars Script allows you to instantly create an online store to sell Calendars as a Calendars.com affiliate. The script comes complete with a default template, integrated Google Adsense, and a current copy of the Calendars.com datafeed. An attacker can exploit a SQL injection vulnerability in the product_list.php script by supplying a malicious SQL query in the cat parameter.
Overstock script is a PHP based script that can be used to display product data from the Overstock XML data feed. The script comes complete with a default template to get you started. It completely separates PHP logic and HTML look. Code: PHP 4.0. A SQLi vulnerability exists in the storecat.php file, which can be exploited by passing malicious SQL queries through the 'store' parameter.
SimpleAssets is a web based asset management system to track assets, employees, software licenses, ip addresses and asset sign in and sign out. An authentication bypass vulnerability was found in the Admin Login page, where the string a' or '1'='1 can be used for Username and Password to gain access. An XSS vulnerability was also found, where a malicious script can be injected in the parameter '"--><script>alert(0x000872)</script> to execute arbitrary code.
MoreAmp (.maf) local Stack Buffer Overflow (SEH) is a vulnerability that allows an attacker to execute arbitrary code on the vulnerable system by overflowing a buffer on the stack. The vulnerability is triggered when a specially crafted .maf file is opened, which causes a buffer overflow and overwrites the SEH handler. The attacker can then execute arbitrary code on the vulnerable system.
This exploit is a local universal stack overflow exploit for Orbital Viewer v1.04 (.orb/.ov). It uses a universal pop ebx - pop eax - ret at 0x00457C03 [ov.exe] to gain control of the execution flow and then executes a shellcode to launch a calculator.
A buffer overflow vulnerability exists in Hacker Evolution: untold Mod Editor version 2.00.001. The vulnerability is caused due to a boundary error when handling specially crafted MOD files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted MOD file. Successful exploitation may allow execution of arbitrary code.
A Cross-Site Request Forgery (CSRF) vulnerability exists in WebsiteBaker 2.8.1. An attacker can exploit this vulnerability to add a new administrator user to the application without requiring any authentication. The attacker can craft a malicious HTML page containing a form with the necessary parameters to add a new user and submit it to the vulnerable application. This will add a new administrator user to the application.
SnowCade v3 is vulnerable to SQL Injection. Attackers can inject malicious SQL queries via the 'cat' and 'gameid' parameters in the 'index.php' script. An example of a malicious query is '31%20UNION%20SELECT%201,CONCAT_WS%28CHAR%2832,58,32%29,username,password%29,3,4,5,6+from+users%20limit%201,1--' which can be used to extract sensitive information from the database.
The vulnerability is caused due to the 'ladder[id]' parameter not being sanitized properly and it allows an attacker to inject or manipulate SQL queries.
A buffer overflow vulnerability exists in MoreAmp, a media player for Windows. The vulnerability is caused due to a boundary error when handling specially crafted .maf files. This can be exploited to cause a stack-based buffer overflow via an overly long string in a specially crafted .maf file. Successful exploitation may allow execution of arbitrary code.
Services By CQR