This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
2fdc9c5c7f7d444b003b94e6d9ac9413e9711bc63c367b5bb555b0a3a0fecd1cStudio Manolibera's listarivisteuk.php suffers from a remote SQL injection vulnerability.
28d2f1e146dd773e526708587175db0f5bfe66b4465bf4ec6d2d00fd23383036IBBY's nouvelles.php suffers from a remote SQL injection vulnerability.
c04b78989522c139651f6aa6c65f3d7460fff4e8d0dddf5d0eb5ed2ba7b110eaAdobe's forgotten password flow suffers from a cross site scripting vulnerability.
56dd4b055b8c11f573705c655ee42f1b46271dee374850bd90ae46a6869383b6Interactive Web Design suffers from a remote SQL injection vulnerability.
6704f81de2cc4db380e6e55c3d71d804faab43d6c8146ff1c6dee52bbc457990Global Media Service suffers from a remote SQL injection vulnerability.
7210f4893460996ab0a96a6ca7630b5c27d34aa61c7d92dbff272c7c98e73bdfPeel SHOPPING versions 2.8 and 2.9 suffer from cross site scripting and remote SQL injection vulnerabilities.
17013c953a7f95786dfb2ecad6a020c83079109d6d36eb30367f8a13d03dee28xClick Cart versions 1.0.1 and 1.0.2 suffer from a cross site scripting vulnerability.
bcdba6e1a2a10dc5c0b8b5f306c9a121c7949bd1b52de3780b73383a3a2e6c07Register Plus versions 3.5.1 and below for WordPress suffer from code execution, cross site scripting and path disclosure vulnerabilities.
8af0748bb44a2d219bb2dab50499ab80ee471af807d2e71af2be053afca0860dThis Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.
9c89a9721eaaf34e5b28601af5c5497ccf1f5855860d05b1399eb663bcde037cPHPList version 2.10.9 suffers from cross site request forgery and cross site scripting vulnerabilities.
156406175499db29e968856e912ccff0b2c4c1aa66ff94fd3a2977ec74379288VR GPub version 4.0 suffers from a cross site request forgery vulnerability.
5c3013cdb2082412cf2d8ba5b3215c6f53bd60379f3fd0b3342da270893d0d0dMultiple etsi.org subdomains suffer from cross site scripting vulnerabilities.
ccc5522089f8ee652b28dc209c73262d2f2707419c2bcb070a8903acfe080c52The WordPress Slideshow Gallery 2 plugin suffers from a cross site scripting vulnerability.
95f81ff5d5319986839d3984fe04c5f19ec6e9cb57da1a036a73eb93c22cc4caThe Joomla Products component suffers from multiple remote SQL injection vulnerabilities.
16fe7260bde5adf260a7e400d2c3e713031e4353fb1630b08f7999376850f6bfThe Joomla Motor component suffers from a remote SQL injection vulnerability.
0cd5df780696abbfce7cdc3eb9913c71bd63775e64a0968a4cdab979e3ccb3fcvBadvanced CMPS versions 3.2.2 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
c6a391cbf24f61e8fea160228f0df279dca4ae0f1ad3d65b35e040748bf83045This Metasploit module exploits a stack buffer overflow in versions 2.112 of UltraPlayer by creating a specially crafted .m3u file. The file allows an attacker to execute arbitrary code.
ca1fcc7a152abea97e8cfb96078845d146070280b9ea0f1eac09f15ddad9d831This Metasploit module exploits a buffer overflow in Microsoft Office 2003 and command execution with .a malicious doc file .
e45bf18ac108e4ae3783ccae6f6292790febfb3111809b9cea39d7aae1a9bdb6RSSLounge suffers from a cross site scripting vulnerability.
0247221fb2aeed4124aa951eb761e61549b9bf29018bda5ac1745ddf5313614fAcolyte CMS versions 1.5 and 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
51fa4e3bd561627016cc5adc2f2401ab8129e365593901bbdd521ba1b6406931DClassifieds version 0.1 Final suffers from a cross site request forgery vulnerability.
888779fbbbf396ea56ee0df0bf1228d2933f57d7888511a331b394459aab82c6OSclass version 2.3.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
68a8b30bf86fd39358f8a0a0494cc909420ce555fbbc8fcc42bab6bdd5564c4dVerkehrsbetriebe Berlin suffers from a remote SQL injection vulnerability.
fb54b702fdb97e4b2487f7217d188f9ad3e15e521696a53844b118cb2cf31648Multiple Facebook applications suffer from a null byte SQL injection vulnerability.
712bc0035aef721e45958679ad3227dc02a5a2003c0fac08baef7c664fb8ee22
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed