Input passed to the "layid" parameter in 'settings.asp' not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation extracts username and password of administrator in clear text.
This exploit is for IntelliTamper v2.07. It creates a file with a buffer of 1024 bytes, with the last 23 bytes containing shellcode that downloads and runs an executable file. The exploit is coded in C and uses memset, memcpy, and fputc functions.
WebAccess is the first fully web browser-based software package for human-machine interfaces (HMI), and supervisory control and data acquisition (SCADA). bwocxrun.ocx ActiveX component is prone to a remote code execution vulnerability by combination of some ActiveX methods to creating a arbitrary file in arbitrary location. The following exploit take advantage of windows WMI and .mof files to execute arbitrary code on the target machine.
This exploit allows an attacker to execute arbitrary commands on a vulnerable system. It requires the magic_quotes_gpc setting to be off. The exploit injects malicious code into the log files of the vulnerable system, which is then executed when the log file is accessed.
phpBazar is a web-based application written in PHP and MySQL. It is vulnerable to a Remote File Inclusion vulnerability and an Access to Admin Login and Password vulnerability. The Remote File Inclusion vulnerability is due to a lack of proper sanitization of user-supplied input to the 'language_dir' parameter in the 'classified_right.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system. The Access to Admin Login and Password vulnerability is due to a lack of proper authentication in the 'admin.php' script. An attacker can exploit this vulnerability to gain access to the admin login and password.
This exploit is a Denial of Service (DoS) vulnerability in Google Chrome. It is triggered by a malicious JavaScript code that creates a large number of Unicode strings and writes them to the page. This causes the browser to crash.
This vulnerability allows remote attackers to inject arbitrary web script or HTML via the "title" parameter of the AddFavorite() function in JavaScript. This vulnerability is due to a design error when handling user-supplied input.
libextractor is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform boundary checks on user-supplied data. An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
ScozNews v1.2.1 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the vulnerable server.
This vulnerability allows an attacker to bypass authentication on RealVNC 4.1.0 - 4.1.1. The vulnerability is due to a lack of authentication when connecting to the VNC server. An attacker can exploit this vulnerability to gain access to the VNC server without authentication.
Services By CQR