SuperLink Script 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'more-news.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL code in the 'id' parameter.
eazyPortal version 1.0.0 is vulnerable to multiple XSRF vulnerabilities and persistent XSS. An attacker can exploit these vulnerabilities by sending a malicious form to the target website to change the admin password, or by sending a malicious link to the target website to inject malicious code into the website. The attacker can also exploit them to remove private messages and news by id.
This exploit allows an attacker to tamper with the data sent to the Proxyroll.com Clone PHP Script. By using the Tamper Data add-on for Firefox, an attacker can modify the value of the "a3" parameter and the "currency_code" parameter to manipulate the amount of money sent to the script.
NetTransport Download Manager version 2.90.510 is vulnerable to an SEH overwrite. An attacker can exploit this vulnerability by sending a specially crafted packet to the eMule file sharing protocol on port 31491. This packet contains an egghunter, which is used to find the shellcode (calc.exe), and an SEH overwrite which leaves only 60 or so bytes after the p/p/r. This exploit was tested on Windows XP SP3.
HLstatsX Community Edition suffers from an XSS vulnerability. The vulnerability can be exploited by sending a maliciously crafted URL to the vulnerable application. The URL contains a payload which is executed in the browser of the victim.
This exploit targets a buffer overflow vulnerability in MP4 Player 4.0. It allows an attacker to crash the application by creating a malicious .m4v file with 2000 'A' characters. When the malicious file is opened with the application, the application crashes.
This exploit targets a buffer overflow vulnerability in GOM Player version 2.1.9. It allows an attacker to crash the application by creating a malicious ASX file containing 2000 'A' characters. When the application attempts to open the file, it will crash.
This exploit creates a file named SarBoT511.ape with 2000 'A' characters, which causes a denial of service when the file is opened in VSO Media Player version 1.0.2.2.
An attacker can bypass authentication by entering 'admin_name' as the username and 'x' or '1=1--' as the password in the Members Login window of the DZOIC ClipHouse software.
A vulnerability in the Joomla Component com_avosbillets allows an attacker to inject malicious SQL commands into the application. This can be exploited to gain access to the admin login credentials.