A vulnerability in Php Blue Dragon Platinum allows remote attackers to execute arbitrary code by including a malicious file in the vsDragonRootPath parameter in a URL to popup_finduser.php.
DVD X Player 5.5 Pro is vulnerable to a buffer overflow vulnerability when a long string of data is sent to the application. This can be exploited to execute arbitrary code by overwriting the SEH handler with a pointer to the malicious code. Bypassing ASLR is possible by using a non-ASLR enabled module. Egghunter is not needed as there is at least 2000 bytes for shellcode.
Foing is vulnerable to a remote file include vulnerability. This vulnerability is due to the 'phpbb_root_path' variable in the 'config.php' file not being properly sanitized before being used in a file include call. An attacker can exploit this vulnerability by passing a malicious URL in the 'phpbb_root_path' parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.
Unclassified NewsBoard (short UNB) is an open-source, PHP-based internet bulletin board system. The vulnerability exists in unb_lib/abbc.conf.php at lines 635-641, where the $ABBC['Config']['smileset'] variable is not initialized before being used to include files. This can be exploited by including arbitrary files with a null byte termination exploiting the local inclusion vulnerability.
Internet Explorer suffers from a DoS vulnerability in which a remote user's Internet Explorer session can be crashed when hovering their cursor over a specially made table. The fault occurs when the 'position' CSS attribute is set to a table, resulting in an 'unhandled exception in iexplorer.exe(MSHTML.DLL)'.
A remote file inclusion vulnerability exists in the pafiledb_constants.php script of pafileDB. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the vulnerable server.
S24EvMon.exe is a service which is part (at least) of the Intel PROset/Wireless software. This application is provided by Intel in order to support intel Wireless Devices based on Spectrum 24 chipsets. This service uses a shared memory section which is created without the proper security descriptor, allowing unprivileged users to perform operations like Delete, Read or Write into the memory. The section is named S24EventManagerSharedMemory. This shared memory is used to store ,in plain text, confidential information like WEP Key, Passwords.
This exploit will result in swapping memory to filesystem on the remote side plus killing of processes when running out of swap space. Remote System becomes unstable.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the returnpath parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.
This exploit allows an attacker to include a remote file containing arbitrary code, which is then executed by the vulnerable web application. This exploit was c0ded by ReZEN and was posted on milw0rm.com in 2006.
Services By CQR