This exploit is a buffer overflow vulnerability in Winamp 5.572. The vulnerability is triggered when a maliciously crafted whatsnew.txt file is opened in Winamp. This causes a buffer overflow in the application, allowing an attacker to execute arbitrary code on the vulnerable system.
This vulnerability causes a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags.
This vulnerability causes a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags.
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.
Input var id is vulnerable to SQL Code Injection. An attacker can execute arbitrary SQL queries by sending a specially crafted request to the vulnerable application. This vulnerability has been confirmed in version 0.51 but other versions may also be affected.
OpenDb 1.5.0.4 is vulnerable to Local File Inclusion (LFI) attacks. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The vulnerable files are include/begin.inc.php and functions/site_plugin.php. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The vulnerable files are include/begin.inc.php and functions/site_plugin.php. The attacker can use the ‘_OPENDB_THEME’ and ‘site_plugin_classname’ parameters to inject malicious code into the vulnerable server.
Multiple input vars are vulnerable to SQL code injection. Proofs of concept are provided in the text, which demonstrate how to execute arbitrary SQL queries.
Input var cid[] is vulnerable to SQL Code Injection. A malicious user can execute arbitrary SQL queries by exploiting this vulnerability.
Input var id is vulnerable to SQL Code Injection. It allows an attacker to execute arbitrary SQL queries.
Multiple input vars are vulnerable to SQL code injection. A proof of concept is provided which shows that an attacker can execute arbitrary SQL queries by exploiting the vulnerable parameters. The vulnerable parameters are 'searchword', 'id', 'section_id' and more.
Services By CQR