Gomplayer version 2.2.57.5189 and prior to that are vulnerable to a memory corruption vulnerability via a malformed ogg file format.
This module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This module has been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over Windows XP SP3, Windows 7 SP1 and Windows 8.
Jetaudio latest version V 8.1.1 suffers from a memory corruption Vulnerability via a malformed .ogg file format when load JetMPAd.ax
This module exploits a stack-based buffer overflow vulnerability in the BKESimmgr.exe service in Yokogawa CS3000. The vulnerability occurs when handling specially crafted packets and is caused by an insecure usage of memcpy, using attacker-controlled data as the size count. The module has been tested successfully in Yokogawa CS3000 R3.08.50 over Windows XP SP3 and Windows 2003 SP2.
This exploit allows an attacker to remotely disclose files on a system running Xnews 1.0.1. The vulnerability was discovered by r0ut3r and can be exploited by sending a specially crafted request to the server. The exploit has been tested on Xnews 1.0.1.
Sending a long argument to CWD will cause VicFTPs Server to overwrite memory. EIP is overwritten at 323. The POC uses a larger buffer to overwrite exception handler, preventing an error message.
This program demonstrates a buffer overflow vulnerability in the dtterm program. The vulnerability occurs when the program tries to execute a shell command using the execv() function. By providing a specially crafted input, an attacker can overflow the buffer and execute arbitrary code.
This exploit takes advantage of a format string vulnerability in the pop3 service of Axigen eMail Server v2.0 (beta) to execute /bin/sh and bind to port 31337. The exploit uses an optimised format string generated with libforSC, using hhn for writes. The logType for the pop3 service must be set to "system" and the logLevel must have the 4th bit set.
This exploit allows an attacker to include remote files by manipulating the 'gb_pfad' parameter in the 'functions_inc.php' file. The vulnerability exists in S-Gästebuch version 1.5.3.
The vulnerability allows an attacker to execute arbitrary SQL queries in the application's database. By manipulating the 'album' parameter in the URL, an attacker can retrieve sensitive information from the 'config' table.
Services By CQR