This is a denial-of-service exploit targeting RControl.dll version 1.2.1.0. The exploit causes a crash when fewer than 4000 characters are used, potentially indicating a heap overflow in ntdll.dll. The exploit was tested on Windows XP Professional SP2 with Internet Explorer 7.
The application suffers from multiple security vulnerabilities including: Open Redirection, multiple Stored and Reflected XSS and Cross-Site Request Forgery (CSRF).
The proof of concept demonstrates a stack overflow vulnerability in McAfee VirusScan v10.0.21. Clicking a button triggers a function called GetUserRegisteredForBackend, which takes two arguments: bstrBackend and pvarAccountId. The bstrBackend argument is vulnerable to a buffer overflow because it has no length check. An attacker can send a specially crafted string as input, causing the buffer to overflow and potentially execute arbitrary code. This vulnerability can be exploited to gain unauthorized access or crash the application.
This exploit is for libpng version 1.2.5. It triggers a buffer overflow vulnerability in the software. The exploit creates a PNG file with a specially crafted chunk that bypasses the length check. When the file is processed, it leads to a buffer overflow, allowing an attacker to execute arbitrary code.
This exploit allows for universal download and execution using call esp in libgimpcolor-2.0-0.dll.
A low privileged user can delete, modify or replace key executable files used by the Cyclope Employee Surveillance Solution software due to insecure file permissions. This can lead to unauthorized access and potential compromise of the system.
The exploit allows an attacker to retrieve the admin username and hash by exploiting a SQL injection vulnerability in TutorialCMS version 1.00. The vulnerable code is in the 'search.php' file, where the 'search' parameter is not properly sanitized and is used directly in a SQL query. By injecting a specially crafted SQL query, an attacker can retrieve the admin username and hash from the 'users' table. The exploit can be triggered by accessing the 'search.php' page with the payload: 'search=' UNION SELECT 0,0,0,0,username,password,0,0,0,0,0,0,0 FROM users WHERE id='1' /*'. The vulnerability can only be exploited if the 'magic_quotes_gpc' configuration is set to 'off'. The exploit also mentions that the parameters it lists (browseCat.php, browseSubCat.php, openTutorial.php, topFrame.php, admin/editListing.php) are vulnerable to XSS attacks.
The WordPress plugin TheCartPress v1.4.7 suffers from multiple vulnerabilities: a remote attacker can disclose some local files or achieve remote code execution.
This exploit allows an attacker to retrieve the admin username and hash from the SimpleNews <= 1.0.0 FINAL system. The vulnerability is caused by a lack of input validation in the 'news_id' parameter of the 'print.php' script. By injecting a specially crafted SQL query, an attacker can retrieve sensitive information from the database.
The telltarget CMS 1.3.3 version is vulnerable to multiple remote file inclusion vulnerabilities. Attackers can exploit these vulnerabilities by injecting malicious code into certain PHP scripts, allowing them to include and execute arbitrary files from remote servers. The specific vulnerable paths include /phplib/site_conf.php, /phplib/version/1.3.3/functionen/class.csv.php, /phplib/version/1.3.3/functionen/produkte_nach_serie.php, /phplib/version/1.3.3/functionen/ref_kd_rubrik.php, /phplib/version/1.3.3/module/hg_referenz_jobgalerie.php, /phplib/version/1.3.3/module/surfer_anmeldung_NWL.php, /phplib/version/1.3.3/module/produkte_nach_serie_alle.php, /phplib/version/1.3.3/module/surfer_aendern.php, /phplib/version/1.3.3/module/ref_kd_rubrik.php, /phplib/version/1.3.3/module/referenz.php, /phplib/version/1.3.3/standard/1/lay.php, /phplib/version/1.3.3/standard/3/lay.php. These vulnerabilities can be exploited by an attacker to execute arbitrary code and potentially gain unauthorized access to the affected system.