Pre Authentication Buffer Overflow in Eudora Qualcomm WorldMail 9.0.333.0 IMAPd Service. The SEH gets overwritten at 749 bytes when using the UID command. Only 79 bytes left after SEH, so the shellcode was placed before SEH and a backward jump is used after SEH to execute the shellcode. Shellcode used is shell_bind_tcp LPORT*4444 EXITFUNC*seh, with bad characters 0x00 and 0x7b.
The webchat application is vulnerable to a file include vulnerability. An attacker can exploit this vulnerability by manipulating the WEBCHATPATH parameter in the defines.php file. This can lead to remote code execution or information disclosure.
The omniinet service in HP Data Protector is vulnerable to remote command execution. By sending a malicious EXEC_BAR packet, an attacker can force the service to run arbitrary commands on the target system. This can lead to complete compromise of the remote host. The vulnerability can be exploited by sending two specific arguments to the omniinet service. The exploit creates a new Windows account and adds it to the local Administrators group.
This exploit allows an attacker to execute arbitrary SQL queries in the Dexter (CasinoLoader) Panel. By manipulating the 'page' parameter, an attacker can inject SQL code to retrieve sensitive information from the database.
This exploit takes advantage of a vulnerability in the shared_region_map_file_np function in Mac OS X. By opening the libSystem.dylib file and calling the shared_region_map_file_np syscall with a specific address, an attacker can escalate their privileges to gain root access.
The exploit is a code injection vulnerability that allows an attacker to execute arbitrary code by manipulating the 'roomname' parameter in the 'aim:gochat' URL scheme. The code uses a loop to create a string of 'A%n' characters and then appends it to the 'aim:gochat?roomname=' prefix. When the 'window.location' is set to this string, the code injection occurs.
The MySpeach script is affected by a code injection vulnerability in the 'up.php' file. An attacker can exploit this vulnerability by injecting malicious code through the 'my[root]' parameter in the URL. This can lead to arbitrary code execution on the target system.
This module exploits a stack-based buffer overflow vulnerability in Easy CD-DA Recorder 2007, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .PLS file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
This vulnerability allows remote attackers to include arbitrary files via a specially crafted URL in the env[inc_path] parameter in the config.php script.
Bug in (lib/nl/nl.php) include($g_strRootDir.$g_strLibDir."nl/nlsite.php"); include($g_strRootDir.$g_strLibDir."nl/nltable.php");
Services By CQR