Mini-stream Ripper 3.0.1.1 is vulnerable to a buffer overflow when processing malicious .m3u files. An attacker can exploit this vulnerability by crafting a malicious .m3u file and sending it to the victim. When the victim opens the malicious file, the attacker can execute arbitrary code on the victim's system.
A vulnerability exists in ispCP Omega version 1.0.4 that allows an attacker to include a remote file via the 'net2ftp_globals[application_skinsdir]' parameter in the 'admin1.template.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
A vulnerability exists in Softbiz Jobs & Recruitment Script, which allows an attacker to inject malicious SQL commands into the search_result.php page via the 'cid' parameter. This can be exploited to gain access to the admin credentials by sending a specially crafted request to the vulnerable page.
PhpCityPortal is vulnerable to multiple SQL injection attacks. Attackers can exploit the vulnerability by sending malicious SQL queries through the vulnerable parameters in the URL. This can allow attackers to gain access to sensitive information stored in the database, such as user credentials, or even execute malicious code on the server.
The vulnerability is caused by insufficient sanitization of user-supplied data when logging in to FriendlyTR69 CPE Remote Management. Successful exploitation may result in an attacker obtaining admin access to FriendlyTR69 CPE Remote Management. The exploit uses the username ' or 1=1-- and the password ' or 1=1--.
Nus.php?pageNum_RSnews=0&id= is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable script. For example, http://[host]/[path]/[script].php?pageNum_RSnews=0&id=9999999+union+select+1,2,3,user,5,pass,7,8,9+from+reguser--
Input passed via the 'page_id' parameter to page.php is not properly sanitised before being used in a SQL query.
A SQL injection vulnerability exists in mhproducts kleinanzeigenmarkt search.php, which allows an attacker to execute arbitrary SQL commands on the underlying database. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. This can result in the disclosure of sensitive information, such as user credentials, or the manipulation of data.
JAD Java decompiler 1.5.8g is vulnerable to a stack overflow when a specially crafted .class file is opened. This can be exploited to cause a denial of service condition when the application is opened.
The software crashes when it gets an argument that is between 0x1fc9 and 0x1fdc bytes long.