Explore Vulnerabilities

Explore all Exploits:

Wireshark 1.2.5 LWRES getaddrbyname stack-based buffer overflow

A stack-based buffer overflow vulnerability exists in Wireshark 1.2.5 due to improper bounds checking of the LWRES getaddrbyname request. An attacker can send a specially crafted LWRES getaddrbyname request to trigger a stack-based buffer overflow, resulting in arbitrary code execution.

Katalog Stron Hurricane Multiple Vulnerability RFI / SQL

The vulnerability exists due to the inclusion of user-supplied data in the includes_directory parameter of the 'moderation.php' script without proper sanitization. This can be exploited to include arbitrary files from remote web servers and execute arbitrary SQL commands via the 'get' parameter of the 'index.php' script.

Snakespc Vulnerability

This exploit allows an attacker to inject malicious SQL code into the vulnerable application, in this case the Joomla component "Videos", which is vulnerable to SQL injection. The exploit is triggered by sending a specially crafted HTTP request containing a malicious SQL statement, which the application then executes, allowing the attacker to gain access to sensitive data such as usernames and passwords.

Joomla (jw_allvideos Plugin) Remote File Download Vulnerability

A vulnerability in the Joomla jw_allvideos plugin allows an attacker to download arbitrary files from the server. This is due to the lack of input validation in the download.php file, which allows an attacker to craft a malicious URL and download any file from the server.

Mambo com_akogallery Remote SQL Injection Vulnerability

This vulnerability allows an attacker to inject malicious SQL commands into the vulnerable application. The vulnerable parameter is the ‘id’ parameter in the ‘com_akogallery’ component. By manipulating the ‘id’ parameter, an attacker can inject arbitrary SQL commands into the application. This vulnerability affects Mambo versions 4.6.2 and earlier.

ShortCMS SQL Injection

ShortCMS is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries to view, add, modify, or delete records in the back-end database. This may result in the disclosure or manipulation of sensitive data, or the unauthorized manipulation of application data.

Calendarix: SQL injection

Calendarix is vulnerable to SQL injection. The vulnerability exists in the 'cal_day.php' script, where the 'op' and 'catview' parameters are not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability to gain access to the application and the underlying database.

Recent Exploits: