RechnungsZentrale V2 version 1.1.3 and likely older versions are vulnerable to Remote Inclusion and SQL Injection. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server with the rootpath parameter set to a malicious URL. Additionally, an attacker can use a specially crafted username and password to bypass authentication and gain access to the system.
AVIPreview 0.26 Alpha is vulnerable to a Denial of Service attack. The application reads memory via a null pointer, causing an Access Violation Exception. An attacker can force a malicious value into the ECX register (.data is RW) and gain code execution. To exploit this vulnerability, an attacker must open a specially crafted AVI file in AVIPreview, select 'No' when the MessageBox with an error appears, then navigate to the File menu and pick the recent file (which points to the AVI file). This will cause the application to crash.
This exploit allows an attacker to disclose the path of a Mambo/Joomla website and perform a remote denial of service attack on an IIS server using the isapi mod.
There is a directory traversal vulnerability in checkview. Exploit testing involves sending a crafted HTTP request to the vulnerable application, which can be used to access files outside the web root directory.
PCPIN Chat is vulnerable to an arbitrary local inclusion vulnerability in the "language" argument when selecting a language, which allows an attacker to include a GIF file and launch commands.
CoolZip 2.0 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code by overflowing a buffer in the program. The exploit uses a specially crafted ZIP file that contains a large amount of data. When the file is opened, the buffer overflows and the attacker can execute arbitrary code.
This exploit allows an attacker to execute arbitrary code on a vulnerable server running PHP Net Tools. The vulnerability is due to insufficient sanitization of user-supplied input to the 'host' parameter of the 'nettools.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request containing an arbitrary command to the vulnerable server.
Internet PhotoShow is prone to a remote file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
The web server crashes when it is sent specially crafted HTTP requests, leading to Denial of Service.
Neon Responder is vulnerable to a Denial of Service (DoS) attack. The vulnerability is caused by a boundary error when handling a specially crafted packet sent to port 4347. This can be exploited to crash the service.