The HP eSupportDiagnostics ActiveX control is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page. Successfully exploiting these issues allows remote attackers to obtain the contents of arbitrary files and registry values. Information harvested may aid in further attacks.
This module exploits a classical stack overflow in Navicopa Web Server 2.01 version. Credit to h07 for discovering this vulnerability. This is a port to the original h07 c code.
The SiteScape Forum is vulnerable to command injection due to insufficient input sanitization. Attackers can exploit this vulnerability to execute arbitrary commands within the webserver process. Successful exploitation could lead to the compromise of the application and potentially the underlying system.
iSupport is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
This module will cause remote code execution on several SerComm devices. These devices typically include routers from NetGear and Linksys. Tested against NetGear DG834.
The L2J Statistik Script version 0.09 allows remote attackers to execute arbitrary code via shell commands or PHP code.
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability. An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.
ProWizard 4 PC is prone to multiple stack-based buffer-overflow issues because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.
The Adobe Flash Player application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and enable other attacks.
The 'id3lib' library is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application or to crash the application, denying further service to legitimate users.
Services By CQR