Adobe Photoshop CS4 Extended suffers from a buffer overflow vulnerability when dealing with .ASL (styles) format file. The application failz to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the atacker to gain the power of executing arbitrary code or denial of service.
Adobe Photoshop CS4 Extended suffers from a buffer overflow vulnerability when dealing with .GRD (gradients) format file. The application failz to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the atacker to gain the power of executing arbitrary code or denial of service.
Adobe Photoshop CS4 Extended suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) format file. The application failz to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the atacker to gain the power of executing arbitrary code or denial of service.
RapidWareX v2.0.1 (WebUI) is prone to a post-authentication CSRF vulnerability, which allows the attacker to have control over certain actions for the downloader such as Start/Retry, Pause, Clear All, Clear Finished, Add Links, etc. The example below clears all the downloads when the victim enters the page.
A SQL injection vulnerability exists in the Book Gallery application, which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'aboutbook.php' script.
A SQL injection vulnerability exists in Multi Vendor Mall (pages.php) which allows an attacker to execute arbitrary SQL commands on the underlying database. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'pages.php' script. An example of a malicious SQL query is 'http://[site]/pages.php?id=7+union+select+group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e)+from+members_tbl--'
Spaceacre is vulnerable to SQL/XSS/HTML injection. An attacker can inject malicious SQL/XSS/HTML code into the vulnerable parameters of the application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, to disclose sensitive information from the database, to execute arbitrary HTML and script code in the browser of the victim, to bypass authentication and authorization mechanisms, and to perform a wide range of other malicious activities.
A SQL injection vulnerability exists in Webit CMS, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'sid' parameter of the 'main.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. This can allow the attacker to gain access to sensitive information stored in the database, modify or delete data, or even execute arbitrary system commands on the server.
A vulnerability exists in the page_show.php script of Design by web5000, which allows an attacker to inject arbitrary SQL commands. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'id' parameter in the 'page_show.php' script.
Open&Compact Ftp Server 1.2 is vulnerable to a Universal Pre-Auth Denial of Service attack. This attack is caused by sending a specially crafted command with a large amount of data to the server. This causes the server to crash and become unresponsive.
Services By CQR