Explore Vulnerabilities

Explore all Exploits:

Google Chrome OOB Array Indexing Bug

Google Chrome is vulnerable to an out-of-bounds array indexing bug, caused by the improper handling of FTP PWD command server responses. By persuading a victim to visit a specially-crafted web site containing an iframe pointing to a malicious FTP server, a remote attacker could exploit this bug and cause the browser to crash.

uTorrent WebUI <= v0.370 Authorization header DoS Exploit

This exploit targets a Denial of Service (DoS) vulnerability in uTorrent WebUI <= v0.370. It is triggered by sending a maliciously crafted HTTP request with an Authorization header containing a large number of 'A' characters, which causes the application to crash.

CMS Made Simple 1.7 CSRF Vulnerability

A Cross Site Request Forgery (CSRF) vulnerability was found in CMS Made Simple 1.7. An attacker could exploit this vulnerability by crafting a malicious HTML page that, when visited by an authenticated user, would add an admin user to the CMS Made Simple 1.7 system. The malicious HTML page would contain a form with hidden fields that would submit the user credentials to the adduser.php page. The attacker could then use the newly created admin user to gain access to the CMS Made Simple 1.7 system.

SimpNews Multiple SQL Injection Vulnerabilities

SimpNews versions 2.16.2 and below are vulnerable to multiple SQL Injection vulnerabilities. The vulnerable files are news.php, master.php and announceprint.php. An attacker can exploit these vulnerabilities by sending malicious SQL queries to the vulnerable files. For example, an attacker can send a malicious query to news.php?category=[sql], master.php?newsnr=[sql] and announceprint.php?announcenr=[sql] to exploit the vulnerability.

Simple Calculator by Peter Rekdal Sunde Remote Upload Vulnerability

A vulnerability exists in Simple Calculator by Peter Rekdal Sunde, which allows a remote attacker to upload arbitrary files on the vulnerable system. The vulnerability is due to an error in the upload.php script.

Profi Einzelgebots Auktions System Blind SQL Injection Vulnerability

A vulnerability in Profi Einzelgebots Auktions System allows an attacker to inject malicious SQL commands into the application. This can be exploited to gain access to sensitive information such as passwords from the database. The vulnerability is triggered when an attacker sends a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. The application then processes the request and executes the malicious SQL commands, allowing the attacker to gain access to sensitive information.

PHP Jokesite V 2.0 exec command Exploit

A command injection vulnerability exists in PHP Jokesite V 2.0, which allows an attacker to execute arbitrary commands on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'execcommand' parameter of the 'exec.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This may allow the attacker to execute arbitrary commands on the vulnerable system with the privileges of the web server process.

onepound shop / cms XSS and SQL Injection vulnerabilities

Several parts of the onepound shop / cms don't filter out HTML or JavaScript code, e.g. the search field. On 13th July 2009 Affix discovered that the products.php file is vulnerable to SQL injection. Browsing their shop systems and testing also revealed other possibilities for injecting SQL.

Musicbox Version 3.3 Upload Shell Vulnerability

Musicbox Version 3.3 is vulnerable to an upload shell vulnerability. An attacker can exploit this vulnerability by accessing the up.php page without registering and then accessing the Ch99.php page to find the uploaded shell.

Recent Exploits: