A buffer overflow vulnerability exists in Foxit Reader Version 3.1.4.1125 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted argument to the OpenFile function, resulting in arbitrary code execution.
This exploit is a proof-of-concept (PoC) code for a heap overflow vulnerability in Microsoft Windows Defender ActiveX. The vulnerability is triggered when a maliciously crafted argument is passed to the DeleteValue method of the MsMpCom.dll library. This can lead to arbitrary code execution.
Hellcode Research discovered a null pointer vulnerability in OpenOffice for Windows. Opening a malformed ".slk" file with OpenOffice, causes a crash on "soffice.bin"
This exploit is a local stack overflow vulnerability in MP3 Studio v1.X. It was originally discovered by HACK4LOVE and was later modified by NeoCortex. The exploit is triggered when a malicious .m3u file is opened in the vulnerable application. This causes a buffer overflow which allows an attacker to execute arbitrary code on the target system.
Vulnerability is in Activex Control ("CDDBControl.dll") Sending a string to BindToFile() , triggering the vulnerability. Successful exploitation allow remote attackers to execute arbitrary code.
Soft Direct v1.05 is vulnerable to multiple vulnerabilities such as bypass login and XSS. An attacker can bypass the login page by accessing the admin/home.php and admin/settings.php page. An attacker can also inject malicious JavaScript code in the delete_confirm.php page to perform XSS attack.
Fatwiki (fwiki) is vulnerable to Remote File Include (RFI) vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, containing arbitrary code. This code is then executed by the web server.
A user with access to the “administrators” section could see other’s administrators passwords by viewing the html’s source code.
A vulnerability has been discovered in FreePBX, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "extdisplay" parameter to config.php is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
This exploit allows an attacker to remotely change the password of an al3jeb script. The attacker needs to provide the username, password and email address of the target account. The exploit was discovered by alnjm33 and tested on version 1.3 of the al3jeb script.
Services By CQR