Explore Vulnerabilities

Explore all Exploits:

KubeBlog XSRF Vuln.

The KubeBlog application is vulnerable to Cross-Site Request Forgery (XSRF) attacks. An attacker can craft a malicious HTML form and submit it to the vulnerable application, which will add a new user with administrator privileges. This can be done without the user's knowledge or consent.

Microsoft Windows SMBv2 Remote Code Execution Vulnerability (MS17-010)

MS17-010 is a critical security update that addresses a vulnerability in Microsoft Server Message Block (SMB) version 1 (SMBv1). The vulnerability is remotely exploitable and allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused by a memory corruption bug in the SMBv1 protocol.

Dr_IDE – All Browsers – Long Unicode DoS PoC

This exploit uses a long Unicode string to cause a denial of service in all browsers. Increasing the number of strings increases the amount of memory consumed and, where applicable, produces a quicker crash. The exploit was tested on Windows 7, where it triggered the crash reporter in Firefox 3.6.4, hangs in IE 8.0.7600.16385, Opera 10.51, and Safari 4.0.5, and crashes with the Gecko, WebKit, and Trident engines in Lunascape6.

Joomla_1.6.0-Alpha2 XSS Vulnerabilities

A vulnerability exists in Joomla 1.6.0-Alpha2 which allows an attacker to inject malicious JavaScript code into the mailto, subject, from, and sender fields of the mailto component. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site when the malicious link is clicked.

Crash Report

This exploit allows an attacker to upload a malicious file to a vulnerable server. The malicious file is then executed on the server, allowing the attacker to gain access to the server. The exploit is triggered by setting the iframe src property to an external document containing the window.print() command. This allows the user to bypass the first print popup.

Recent Exploits: