DaumGame ActiveX versions 1.1.0.5 and 1.1.0.4 by Daum Communications include the vulnerable method 'IconCreate', which is designed to support icon processing. The method accepts printable characters and suffers from a buffer overflow vulnerability that leads to an SEH overwrite.
The Data parameter in the MW6MaxiCode Class is subject to a buffer overflow, leading to arbitrary code execution. By entering a string larger than 4000 characters, it is possible to trigger the overflow. This results in Internet Explorer crashing when trying to copy 42424242 to a register. By disassembling near the crash location, it can be observed that both EAX and ECX can be manipulated with values 41414141 and 42424242 respectively. These manipulated values are later used to perform write operations, leading to an arbitrary 4 byte write.
The Data parameter in the MW6Aztec ActiveX COM Object is subject to a buffer overflow, leading to arbitrary code execution. When a string larger than 9000 characters is entered, the attached PoC (mw6maztec.html) crashes the application while trying to read from address 41414141. Further investigation reveals that the value of EAX, 030e20d0, is written into an arbitrary memory location, and this EAX value points to the Data buffer.
The LunarPoll script is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by injecting a malicious URL in the 'PollDir' parameter of the 'show.php' script, leading to the inclusion of arbitrary remote files.
The directory traversal vulnerability in WinIPDS allows an attacker to gain access to sensitive information by manipulating directory paths. The denial-of-service vulnerability allows an attacker to crash the application, denying service to legitimate users. The vulnerabilities can be exploited by sending specially crafted GET or POST requests with manipulated directory paths.
This exploit allows an attacker to gain unauthorized access, reset the admin password, and execute arbitrary commands on a vulnerable sNews <= 1.5.30 installation. The exploit works regardless of php.ini settings. The attacker needs to provide the target server, path to sNews, their IP address, and a shell command. Options include specifying a different port or using a proxy. The exploit sends a packet to the target server and if successful, gains unauthorized access, resets the admin password, and executes the specified command.
The GKrellWeather plugin for GKrellM is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
The VP-ASP Shopping Cart 6.09 is vulnerable to SQL Injection and Cross-Site Scripting (XSS) attacks. An attacker can exploit the SQL Injection vulnerability by sending a specially crafted request to the 'shopgiftregsearch.asp' page. This can lead to unauthorized access to the backend database. The XSS vulnerability can be exploited by injecting malicious code into the 'msg' parameter of the 'shopcustadmin.asp' page, which is not properly sanitized before being displayed to the users.
Once logged in as 'admin', an attacker can perform a SQL injection by uploading a file through the 'Clinic Files' feature and accessing it via the 'View File' option or directly through the URL 'http://xxx/arquivos/daclinica/files'.
The Article System 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) include/forms.php, (2) include/issue_edit.php, (3) include/client.php, or (4) include/classes.php.