The Microsoft Windows GDI+ library 'gdiplus.dll' is prone to a denial-of-service vulnerability because the software fails to handle malformed image files properly. An attacker may leverage this issue to trigger a denial-of-service condition in software implementing the vulnerable library. Other attacks may also be possible.
The Hitron Technologies CDE-30364 router is prone to CSRF vulnerabilities which allow attackers to change router parameters and perform modifications. The exploit allows enabling/disabling web site blocking and adding new keywords/URLs for blocking. It also allows enabling/disabling the Intrusion Detection System.
PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
1. XSS (Reflected): The CMS suffers from cross-site scripting due to a lack of user input sanitization.
Exploit: http://192.168.0.106/zimplit/zimplit.php?action=load&file=[XSS]
http://192.168.0.106/zimplit/zimplit.php?action=load&file=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28944002%29%3C%2fScRiPt%3E
2. CSRF / Directory traversal: The following URL provides file lists to an attacker. Although it requires an authorized user such as admin, with an appropriate JavaScript exploit an attacker is capable of having the administrator's view of the vulnerable link.
Exploit: http://192.168.0.106/zimplit/zimplit.php?action=listAllFiles&file=[Directory]
The D-Link DSL-2640B's web interface is prone to CSRF vulnerabilities that allow an attacker to change the router's parameters. The specific changes described in the advisory are disabling/enabling the Wireless MAC Address Filter, disabling/enabling all the Firewall protections, and enabling/disabling Remote Management.
Three proof-of-concept exploit files have been released that trigger vulnerabilities in Microsoft PowerPoint. It is currently unknown if these exploits target newly discovered vulnerabilities or exploit previously disclosed issues. These vulnerabilities may allow remote attackers to cause crashes or execute arbitrary machine code in the context of the affected application. Microsoft PowerPoint 2003 is confirmed to be vulnerable.
Three proof-of-concept exploit files have been released for Microsoft PowerPoint. It is unknown if these exploits target newly discovered vulnerabilities or previously disclosed issues. These vulnerabilities may allow remote attackers to cause crashes or execute arbitrary machine code in the context of the affected application.
This exploit targets the named INFOLEAK and TSIG bug in BIND 8.2.x versions. It is a Linux-only shellcode and is provided for demonstration purposes only. The exploit is considered broken with several errors, but it can be fixed with some understanding of how it works.
This vulnerability allows attackers to corrupt process memory and execute arbitrary code in the context of targeted users.
The AdPlug library is affected by multiple remote buffer-overflow vulnerabilities. These issues are due to the library's failure to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers. These issues allow remote attackers to execute arbitrary machine code in the context of the user running applications that use the affected library to open attacker-supplied malicious files.