An authentication bypass vulnerability exists in Hosting-php-dynamic, which allows an attacker to gain access to the admin panel and admin information without authentication. This is done by accessing the URLs http://127.0.0.1/Hosting-php-dynamic/admin/nav.php and http://127.0.0.1/Hosting-php-dynamic/admin/setup/index.php.
An attacker can exploit this vulnerability by accessing the admin area of the Snipe Photo Gallery application and then accessing the upload page. This allows the attacker to upload malicious files to the application.
A buffer overflow vulnerability exists in Easy Icon Maker when handling .ico files. An attacker can exploit this vulnerability by creating a malicious .ico file and sending it to the victim, resulting in a crash of the application.
The vulnerability allows an attacker to gain access to the admin information by accessing the URL http://127.0.0.1/kora/install.php?go=3
A SQL injection vulnerability exists in Easy-Clanpage version 2.1 and prior. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, and emails. The exploit is achieved by sending a malicious HTTP request to the vulnerable application, such as http://www.site.com/Easy-Clanpage/?section=gallery&action=kate&id=1 union+select+1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7+from+ecp_user+where+userid=1--
An authentication bypass vulnerability exists in Huron CMS 8 11 2007 because the application does not properly sanitize user-supplied input to the ‘usr’ and ‘pas’ parameters of the ‘index.php’ script. An attacker can exploit this vulnerability by supplying specially crafted input containing an SQL statement that, when executed, bypasses authentication and gives access to the application.
An attacker can bypass authentication by entering ' or '1=1 as the username and 1nd0u as the password. This will allow the attacker to access the admin page and upload malicious files to the server. The attacker can then access the malicious files by going to http://127.0.0.1/satallitex/img/Ch99.php.
Xilisoft Blackberry Ring Tone Maker crashes when you open a legitimate .wma file whose path is beyond the maximum length for a path. The exploit involves running code to change a legitimate .wma file and then making sure that the file is placed deep enough in the Windows directory tree that its path goes past the 260 'MAX PATH' limit.
ASX to MP3 Converter Version 3.0.0.100 is vulnerable to a local stack overflow exploit. The vulnerability is triggered when a maliciously crafted .asx file is opened, which can lead to arbitrary code execution. The exploit code builds a malicious .asx file containing shellcode and a return address, which is then used to overwrite the stack and execute the shellcode.
A buffer overflow vulnerability exists in Shadow Stream Recorder 3.0.1.7 when a specially crafted .asx file is opened. This could allow an attacker to execute arbitrary code on the vulnerable system with the privileges of the user running the application.