Photofiltre is vulnerable to an unspecified buffer overflow when processing a crafted .TIF file. This exploit just beeps (useless but incredibly noisy!!).
Supasite v1.23b has a vulnerability that allows remote attackers to include arbitrary files. This can lead to remote code execution and unauthorized access to sensitive information.
The SQL Injection vulnerability in the Count Per Day WordPress plugin allows remote attackers with administrative privileges to execute arbitrary SQL commands and gain control of sensitive information in the application's database. The vulnerability is caused by insufficient filtration of input data passed via the 'cpd_keep_month' HTTP POST parameter to the '/wp-admin/options-general.php' script. An attacker can exploit this vulnerability through a CSRF vector since the application does not check the origin of HTTP requests.
Opening a malformed PDF document can crash Foxit Reader, causing the victim to lose any unsaved data. The vendor has been notified. Foxit Reader can also be crashed via Opera or Internet Explorer when the PDF file is opened for online viewing.
This is a PoC (ASLR/DEP bypass). For the ASLR bypass, jrsysCrypt.dll is used, which doesn't make use of ASLR. For the DEP bypass, a ropchain is used which calls ZwProtectVirtualMemory through fastsyscall. This script looks for a tEXt chunk in a PNG file and replaces this chunk with two other tEXt chunks. The first of them triggers the vulnerability and the second one contains a ropchain and shellcode.
The aMSN application is prone to a remote denial-of-service vulnerability. A successful exploit of this issue allows remote attackers to crash the affected application, denying service to legitimate users.
This is a proof-of-concept exploit for a remote root vulnerability in eXtremail version 2.1.1. The vulnerability is caused by a DNS parsing bug. By sending a specially crafted DNS packet, an attacker can gain remote root access to the system. The exploit has been tested on eXtremail versions 2.1.0 and 2.1.1 for Linux.
Attackers can inject arbitrary headers through a URL in PHP, leading to potential cross-site request forgery, cross-site scripting, HTML injection, and other attacks.
A successful exploit will cause the application to enter emergency mode in which URLs are not blocked, resulting in a denial-of-service condition.
This is a buffer overflow exploit for Winamp Media Player version 5.3. It allows an attacker to cause a denial of service (DoS) by creating a specially crafted WMV file that triggers the overflow.