The GKrellWeather plugin for GKrellM is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
The VP-ASP Shopping Cart 6.09 is vulnerable to SQL Injection and Cross-Site Scripting (XSS) attacks. An attacker can exploit the SQL Injection vulnerability by sending a specially crafted request to the 'shopgiftregsearch.asp' page. This can lead to unauthorized access to the backend database. The XSS vulnerability can be exploited by injecting malicious code into the 'msg' parameter of the 'shopcustadmin.asp' page, which is not properly sanitized before being displayed to the users.
Once logged in as 'admin', an attacker can perform a SQL injection by uploading a file through the 'Clinic Files' feature and accessing it via the 'View File' option or directly through the URL 'http://xxx/arquivos/daclinica/files'.
The Article System 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) include/forms.php, (2) include/issue_edit.php, (3) include/client.php, or (4) include/classes.php.
A vulnerability exists in the WPS to RTF convert filter that is part of Microsoft Office 2003. It could be exploited by a remote attacker to take complete control of an affected system. This issue is due to a stack overflow error in a function that reads sections from a WPS file. When the size of a section is changed to a number larger than 0x10, a stack overflow occurs, which is very easy to exploit.
This is a proof-of-concept exploit for a denial of service vulnerability in Windows Metafile Format (WMF) files. It generates a malicious WMF file that can cause the Windows Explorer in Windows XP to crash when browsing a folder containing the file.
The script creates a disk image with an arbitrary volume name. It uses the 'hdiutil' command-line tool to create the disk image with the specified size, file system, and volume name. The volume name is generated randomly using characters from the ASCII character set. The script then reads the created disk image and prints information about it, including the length of the volume name and the size of the disk image in bytes.
This Perl script attempts to log in to a MySQL server using a zero-length password. It sends a login packet with a zero-length password hash and checks the server's reply.
This exploit targets WordPress versions 2.0.6 and below. It takes advantage of a vulnerability in the wp-trackback.php file to perform a SQL injection attack and disclose the admin hash. The exploit requires the server to have register_globals=on and a PHP version between 4.0.0 and 4.4.2 or between 5.0.0 and 5.1.3. The exploit was created by rgod, and the contact details for the author are provided in the script. The exploit can be used to retrieve sensitive information from the target server.
OpenBSD bgplg is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.