Explore Vulnerabilities

Explore all Exploits:

Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitrary Files

The Rediff Bol Downloader ActiveX control allows any webpage to download and spawn files. These files can be of any type; no filtering is done. IE displays an alert if the code points to an executable file on the internet, but execution of local files displays no alert.

FormBankServer Remote Buffer Overflow

FormBankServer is prone to a remote buffer overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application. This issue affects FormBankServer version 1.0.0.0 and prior.

Winzip FileView ActiveX Control Buffer Overflow

A buffer overflow vulnerability exists in the FileView ActiveX control included with Winzip 10.0. The vulnerability is caused by a boundary error when handling overly long strings passed to the CreateNewFolderFromName() method. This can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.

P-News (user.dat) Remote Password Disclosure Vulnerability

P-News versions 1.17 and 1.16 are vulnerable to a remote password disclosure vulnerability. An attacker can access the user.dat file located at http://[target]/[path]/db/user.dat to view the admin name and hash. The password can be cracked with any MD5 tool or injected into a cookie editor such as Firefox or Opera.

Click N’ Print Coupons <= V2005.01 (key) Remote SQL Injection Exploit

This exploit allows an attacker to inject malicious SQL code into the vulnerable application. The exploit is triggered when the application uses user-supplied input without proper validation. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Recent Exploits: