This exploit is for Media Player Classic 6.4.9.1 (.avi) which is a media player for Windows. The exploit is coded by cr4wl3r and it is a buffer overflow exploit. It creates a malicious .avi file which when opened with Media Player Classic, can cause a buffer overflow.
This exploit is a denial of service attack against VKPlayer 1.0. It creates a malicious .mid file which, when opened with VKPlayer, causes the application to crash. The exploit is coded in Perl and creates a file with a malicious header.
This exploit is for Winamp 5.57 (Browser) IE Denial of Service. It can be triggered by changing the Winamp skin to Bento, pressing ALT + X to open the browser, and then dragging or loading a file to the browser. This exploit was coded by cr4wl3r and tested on Windows XP (SP2).
A buffer overflow vulnerability exists in Windows Media Player 11.0.5721.5145 when processing .mpg files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user. This vulnerability is caused by an integer division by zero error when processing a specially crafted .mpg file.
Article Friendly is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to access or modify critical data, or even allow the execution of arbitrary code on the underlying server.
Security-Assessment.com discovered that multiple Adobe products with different Data Services versions are vulnerable to XML External Entity (XXE) and XML injection attacks. XML external Entities injection allows a wide range of XML based attacks, including local file disclosure, TCP scans and Denial of Service condition, which can be achieved by recursive entity injection, attribute blow up and other types of injection.
A vulnerability exists in phpBugTracker v1.0.1 which allows an attacker to view sensitive files on the server. By sending a specially crafted HTTP request to the attachment.php script, an attacker can view the contents of any file on the server.
The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'vbseourl' parameter in 'vbseo.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary PHP code on the target system with the privileges of the webserver process.
The vulnerability exists due to insufficient validation of user-supplied input in 'id' parameter of 'showimg.php' script. A remote attacker can execute arbitrary HTML and script code in browser in context of the vulnerable website. Also, an attacker can inject arbitrary SQL commands to the application. Additionally, an attacker can inject arbitrary XPath commands to the application.
The vulnerability allows an attacker to inject malicious code into the vulnerable application. The attacker can inject malicious code into the vulnerable application by sending a malicious URL to the victim. The malicious URL contains a malicious script which is executed when the victim visits the URL. The attacker can also upload a malicious shell to the vulnerable application by sending a malicious file to the vulnerable application. The malicious file is then executed when the victim visits the vulnerable application.
Services By CQR