This exploit takes advantage of a stack-based buffer overflow vulnerability in BlazeDVD Pro v7.0. By sending a specially crafted .plf file, an attacker can overwrite the return address and gain control of the program flow. This exploit bypasses ASLR and DEP protections on Windows 8.1 Pro.
This exploit targets the Rediff Toolbar ActiveX Control and can be used to trigger a remote Denial of Service (DoS) attack. The vulnerability exists in the control's implementation, allowing an attacker to send a specially crafted request that can cause the control to crash or become unresponsive.
The FestOS application is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
DSite CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
phpwcms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Spitfire is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
The TFTPDWIN Server v0.4.2 is vulnerable to an attack where a remote or local attacker can execute arbitrary commands or cause a denial of service by sending a UDP packet of length more than 516 bytes.
The Juniper Networks SA2000 SSL VPN appliance is vulnerable to a cross-site scripting (XSS) attack due to a failure in properly sanitizing user-supplied input in its web interface. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious activities.
The 'Solaris Management Console' subcomponent of Oracle Solaris creates temporary files in an insecure manner. An attacker with local access can exploit this issue to overwrite arbitrary files, leading to denial-of-service conditions or aiding in other attacks.
A local attacker can exploit this issue to overwrite arbitrary files with the privileges of the affected process, resulting in denial-of-service conditions and other possible attacks.