Explore all Exploits:

mercurypown-v1.pl

Mercury/32 < v4.01b (win32) remote exploit. The vulnerability is caused by Mercury/32 concatenating continuation data into a fixed-size buffer without regard to the length of the original command. This allows an attacker to trigger a stack-based buffer overflow without requiring authentication. The exploit takes advantage of a stack frame that calls end_thread before returning. There are at least two different ways to exploit this vulnerability: controlling a pointer into sprintf and/or controlling a pointer that is passed to free().

Cross-Site Scripting Vulnerability in IBM WebSphere ILOG JRules

IBM WebSphere ILOG JRules is affected by a cross-site scripting (XSS) vulnerability that occurs because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of cookie-based authentication credentials and other malicious activities.

id Tech 4 Engine Remote Code Execution Vulnerability

The id Tech 4 Engine is affected by a remote code execution vulnerability. An attacker can exploit this vulnerability to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Cross-Site Scripting Vulnerability in Sigmer Technologies Scribe CMS

Sigmer Technologies Scribe CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Remote Buffer Overflow Vulnerability in Enemy Territory: Quake Wars

The Enemy Territory: Quake Wars application is prone to a remote buffer overflow vulnerability due to inadequate boundary checks on user-supplied input. Attackers can exploit this vulnerability to execute arbitrary code within the application's context. Failed attacks may result in denial-of-service conditions.

PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow

This exploit targets the mssql_connect() and mssql_pconnect() functions in PHP versions <= 4.4.6. It triggers a local buffer overflow and can also bypass the safe_mode restriction. The exploit is specific to Windows 2000 SP3 EN and uses an SEH overwrite. It was created by rgod as a contribution to MOPB.

Pligg <= 2.0.1 SQL Injection / PWD disclosure / RCE

The exploit allows an attacker to perform SQL injection, disclose passwords, and achieve remote code execution (RCE) in Pligg version 2.0.1 and below. The vulnerability is found in the recover.php file, where user input is not properly sanitized before being used in SQL queries. By manipulating the 'id' and 'n' parameters, an attacker can inject malicious SQL code and retrieve sensitive information or execute arbitrary code. This can lead to unauthorized access, data disclosure, and potential system compromise.

Recent Exploits: