KOL Wave Player 1.0 is vulnerable to a local buffer overflow vulnerability. By creating a specially crafted .wav file with an overly long URL, an attacker can cause a buffer overflow, resulting in arbitrary code execution.
KOL WaveIOX 1.04 is vulnerable to a local buffer overflow vulnerability. An attacker can exploit this vulnerability by creating a malicious .wav file with a long string of characters and loading it into the application. This will cause the application to crash and potentially execute arbitrary code.
Joomla 1.5.12 suffers from different kinds of vulnerabilities: path disclosure, unauthorized file upload, and local file inclusion. An attacker can use the local file inclusion vulnerability to include a malicious file from the server and get a connection back.
UGiA PHP UPLOADER V0.2 is vulnerable to a shell upload vulnerability. An attacker can exploit this vulnerability by sending a malicious file to the upload page and then accessing it via a web browser. This will allow the attacker to execute arbitrary code on the server.
AIC Audio Player 1.4.1.587 is vulnerable to a local crash when a specially crafted About.txt file is copied to the AudioPlayer folder and the AICAudioPlayer is run and the About button is clicked.
This exploit allows an attacker to add an admin user to the Status2k application. The attacker can use the Dork (allinurl:dynamicimg.php) to find vulnerable sites and then use the HTML form to add an admin user with the username and password of 'sec-war'.
This module exploits a stack-based buffer overflow within Phobos.dll of AOL 9.5. By setting an overly long value to 'Import()', an attacker can overrun a buffer and execute arbitrary code.
Winamp 5.572 is vulnerable to a stack buffer overflow vulnerability. An attacker can exploit this vulnerability by sending a specially crafted .pls file to the user. This will cause the application to crash and potentially allow the attacker to execute arbitrary code on the target system.
This exploit is for Winamp v5.572. It is a stack overflow exploit which uses a shellcode to execute a calculator. The exploit is written in Perl and creates a whatsnew.txt file with the malicious code. The malicious code consists of 540 A characters, 36 H characters, the shellcode, and 500 A characters.
A vulnerability in boastMachine v3.1 allows an attacker to upload a malicious file to the server. An attacker can join the site using the register.php page, log in using the login.php page, and then upload a malicious file to the server using the files.php?form_id=new page. The malicious file can then be accessed at the /files/username_Shell.php.rar URL.
Services By CQR