The exploit allows an attacker to read up to 31 bytes of uninitialized memory at a time from a connected client or server.
The Ripe Website Manager script (version <= v0.8.9) is vulnerable to remote file inclusion. The vulnerability can be exploited by including arbitrary files via the 'level' parameter in the 'author_panel_header.php' and 'admin_header.php' scripts. An attacker can craft a malicious URL and execute arbitrary code on the target system.
Remote sql injection in view_sub_cat.php cat_id, able to pull username/passwords of their admin and user accounts.
The shipped HTTP daemon in OpenBSD (up to the latest version) is prone to 2 remote DoS. The first vulnerability allows an attacker to consume all the CPU power from the remote server (CPU exhaustion). The second vulnerability (Memory exhaustion) allows an attacker to consume all the RAM and the swap space on the remote side. Processes will be killed when running out of swap space. The system will be likely to freeze.
Remote sql injection in view_sub_cat.php cat_id, able to pull username/passwords of their admin and user accounts.
If the client receives a large banner when attempting to send a file, the application will freeze or crash with an exception report. The EIP is overwritten with A's. Version 3.1.3 is not vulnerable.
The vulnerability exists in the login.php file of webchat 0.78. By manipulating the 'rid' parameter in the URL, an attacker can perform a SQL injection attack to extract sensitive information from the user table.
During an internal code review, multiple vulnerabilities were identified in Zoneminder 1.29 and 1.30. The vulnerabilities include SQL Injection, Cross Site Scripting, Session Fixation, and lack of CSRF Protection. These vulnerabilities could allow a remote attacker to compromise user accounts or access the database.
This exploit allows an attacker to execute remote code on a target system through a vulnerability in CUPS. The vulnerability involves a reference count over decrement issue. By exploiting this vulnerability, an attacker can gain unauthorized access to the target system and execute arbitrary code. The vulnerability is identified by CVE-2015-1158.
This is a remote buffer overflow exploit for the AMX Corp. VNC ActiveX Control (AmxVnc.dll 1.0.13.0). It has been tested against IE6 on XP SP2. The vulnerability allows an attacker to execute arbitrary code remotely by passing a malicious input to the Host property. The exploit triggers a buffer overflow, resulting in an access violation when reading a specific memory address. The Password and LogFile properties are also vulnerable to the same issue.
Services By CQR