This exploit takes advantage of a SEH (Structured Exception Handler) overflow vulnerability in A-PDF All to MP3 Converter v.1.1.0. By sending a specially crafted WAV file as input, an attacker can trigger the overflow and execute arbitrary code. The exploit has been tested on Windows XP SP3.
phpmyfamily is a dynamic genealogy website builder which allows geographically dispersed family members to maintain a central database of research which is readily accessable and editable. By having a central repository, family members can contribute as and when information becomes available without requiring them to send it to a central 'custodian', or disseminate via email, and allows anecdotal information and possible leads to be shared. The vulnerabilities include directory listing and cookie info disclosure, as well as cross-site scripting (XSS) vulnerabilities.
This exploit allows remote attackers to execute arbitrary code on a system with Firefox 3.6.4 by exploiting a vulnerability in the Firefox plugin parameter EnsureCachedAttrParamArrays.
This exploit generates a malicious .ilj project file for Honestech VHS to DVD <= 3.0.30 Deluxe. When the corrupt file is loaded in Advanced mode, it triggers a buffer overflow. The exploit is for education purposes only.
The software version 1.7.3 of pixelpost is vulnerable to stored XSS and CSRF attacks. The 'Image Title' and 'tags' parameters in the admin login page are vulnerable to stored XSS. An attacker can inject malicious code, such as <script>alert('sweet')</script>, to execute arbitrary JavaScript code. Additionally, the admin password change functionality is vulnerable to CSRF. An attacker can change the admin password by sending a crafted request to the 'options' endpoint.
This CMS has an authentication bypass vulnerability with SQL Injection in the login page. The user_name and password parameters received from the login form are passed to the do_login function, where they are then passed to the get_account_information function without any validation. These parameters are directly applied in an SQL query, allowing an attacker to bypass authentication and potentially gain unauthorized access.
This exploit is for Adobe Acrobat and Reader. It takes advantage of a memory corruption vulnerability in the software. The specific vulnerability is related to the "pushstring" function. This exploit allows an attacker to execute arbitrary code on a target system. The impact of this vulnerability is considered to be medium to high.
This version of ASP Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
The exploit takes advantage of a memory corruption vulnerability in Excel 2002 sp3. It uses a combination of pop pop ret and call esp instructions to execute shellcode.
Some Local File inclusion vulnerabilities exist in Component Joomla Jphone 1.0 Alpha 3.
Services By CQR