If an unauthenticated user or attacker sends any number of bytes greater than 1 to port 80 without a proper request line, such as, [ GET /somepath/file.cgi ] the http daemon triggers a crash on thread at 0x8054b9ac Rajko HttpD.
Rayzz Photoz is prone to a remote file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
EMO Realty Manager is a full PHP/MySQL content management system for property companies, real estate agents or FSBO site. Built using PHP and MySQL, this real estate website management tool allows for easy updates of properties with image upload, category management, listing management, custom usage statistics, mailing list management, easy to use advanced PHP template system and much more. The vulnerability exists in the URL http://server/emorealty/googlemap/index.php?cat1=[Sqli], which is vulnerable to SQL injection.
CafeEngine CMS V2.3 is vulnerable to SQL injection. Attackers can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. This vulnerability is due to the lack of input validation in the "search.php" script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script.
Castripper 2.50.70 is vulnerable to a stack buffer overflow vulnerability when a specially crafted .pls file is opened. This exploit bypasses DEP by using a combination of gadgets from the application's DLL and a hardcoded wpm() and XCHG EAX,EBX from ntdll.dll (non-ASLR).
This PoC exploit is for a stack overflow vulnerability in SureThing cd labeler (m3u/pls). It was found by Ruben Alejandro and written by Steven Seeley. It is a Unicode exploit that uses 0x00410041. The exploit is used by compiling the code with lcc-win32 and executing it to create a .m3u file. The user then clicks on 'playlists' --> 'Import Playlist from Hard Drive' --> 'Import playlist from a file on my computer' --> for filetype select 'Generic m3u/pls file' --> open evil m3u file --> boom.
With MCLogin System your visitors can login or register a new account. It is written in PHP and the data is stored in a MySql database.Very easy to install or to customize to meet your needs. You can add it to your pages with just one link. The Provided Script as Sqli Vulnerability in Admin Login page. Use the string a' or '1'='1 for Username and Password to gain access.
A proof-of-concept exploit for a stack buffer overflow vulnerability in Audio Converter 8.1. The exploit uses ROP to bypass DEP protection and call WPM.
Easy CD-DA Recorder 2007 SEH Buffer Overflow is a vulnerability that allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused by a buffer overflow in the Easy CD-DA Recorder 2007 software. The vulnerability can be exploited by sending a specially crafted payload to the vulnerable application. The payload contains a malicious code that is executed when the application processes the payload. The malicious code can be used to gain access to the vulnerable system and execute arbitrary code.
Audio Converter 8.1 is vulnerable to a stack buffer overflow vulnerability. This vulnerability can be exploited by an attacker to execute arbitrary code on the target system. The vulnerability is caused due to a boundary error when handling specially crafted .wav files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .wav file. Successful exploitation may allow execution of arbitrary code.
Services By CQR