Lucene search
K
ZeroscienceRecent

1109 matches found

Zero Science Lab
Zero Science Lab
added 2011/02/26 12:0 a.m.28 views

eXPert PDF Reader 4.0 NULL Pointer Dereference and Heap Corruption Denial Of Service

Summary eXPert PDF Reader is a free pdf viewer software that lets you view and print pdf documents on windows operating systems. Description The vulnerability is caused due to a NULL pointer dereference when processing malicious Printer Job .pj files and can be exploited to crash the application...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/24 12:0 a.m.17 views

Elecard MPEG Player 5.7 Local Buffer Overflow PoC (SEH)

Summary Elecard MPEG Player is a high-quality full-featured multimedia player supporting the newest formats, designed to provide you with video and audio playback. Description The program suffers from a buffer overflow with SEH overwrite vulnerability when opening playlist file .m3u, as a result ...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/22 12:0 a.m.33 views

WinMerge v2.12.4 Project File Handling Stack Overflow Vulnerability

Summary WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle. WinMerge is highly useful for determining what has changed between project versions, and...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/18 12:0 a.m.14 views

phpBugTracker 1.0.5 Multiple Reflected XSS Vulnerabilities

Summary phpBugTracker is a web-based bug tracker with functionality similar to other issue tracking systems, such as Bugzilla. Design focuses on separating the presentation, application, and database layers. phpBugTracker is lightweight and easy to install, operate and administer. Most text can b...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/17 12:0 a.m.20 views

GAzie 5.10 (Login parameter) Multiple Remote Vulnerabilities

Summary GAzie is a multi-company management program ERP that runs on Apache web server with support for PHP and Mysql database. Open Source web-based application for small and medium enterprises. Description GAzie is prone to a cross-site scripting and an SQL Injection vulnerability because it...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/15 12:0 a.m.68 views

AutoPlay v1.33 (autoplay.ini) Local Buffer Overflow Exploit (SEH)

Summary AutoPlay is a shareware application used for making autorun.ini files that can be edited and stored to compact disks. Description The program suffers from a buffer overflow vulnerability when openinng autorun file .ini, as a result of adding extra bytes to parts of the edited file, giving...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/12 12:0 a.m.25 views

MG2 0.5.1 Multiple XSS Vulnerabilities

Summary MG2 is the sequel to the popular image gallery script MiniGal. One of the highlights of MG2 is, that it supports PHP running in safe mode which is unsupported by almost all other dynamic image gallery scripts on the web. Description MG2 suffers from multiple XSS vulns. Several parameters...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/11 12:0 a.m.41 views

Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability

Summary Pixelpost is an open-source, standards-compliant, multi-lingual, fully extensible photoblog application for the web. Anyone who has web-space that meets the requirements can download and use Pixelpost for free! Description Pixelpost is vulnerable to an SQL Injection attack when input is...

6.5CVSS5.9AI score0.01297EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2011/02/11 12:0 a.m.22 views

Pixelpost 1.7.3 Multiple Persistent Cross-Site Scripting Vulnerabilities

Summary Pixelpost is an open-source, standards-compliant, multi-lingual, fully extensible photoblog application for the web. Anyone who has web-space that meets the requirements can download and use Pixelpost for free! Description Pixelpost is vulnerable to multiple cross-site scripting...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/11 12:0 a.m.41 views

Oracle MySQL Eventum 2.3 Remote Script Insertion Vulnerabilities

Summary Eventum is a user-friendly and flexible issue tracking system that can be used by a support department to track incoming technical support requests, or by a software development team to quickly organize tasks and bugs. Description Eventum suffers from a cross-site scripting vulnerability...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/11 12:0 a.m.103 views

TaskFreak! v0.6.4 Multiple Cross-Site Scripting Vulnerabilities

Summary TaskFreak! Original is a simple but efficient web based task manager written in PHP. Description TaskFreak! suffers from multiple XSS vulnerabilities when parsing input to multiple parameters in different scripts. The vulnerable POST parameters are: 'sContext', 'sort', 'dir' and 'show' th...

4.3CVSS6.1AI score0.01751EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2011/01/22 12:0 a.m.57 views

CultBooking 2.0.4 (lang) Local File Inclusion Vulnerability

Summary Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings and set the actual availabilities in the hotels pms. This is easy to install and easy to integrate with full support. Description CultBooking suffers from a...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/01/22 12:0 a.m.66 views

CultBooking 2.0.4 (cultbooking.php) Multiple XSS/PD Vulnerabilities

Summary Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings and set the actual availabilities in the hotels pms. This is easy to install and easy to integrate with full support. Description CultBooking Hotel Booking...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/01/10 12:0 a.m.45 views

Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC

Summary Macro Express is the premier Windows macro utility. With Macro Express, you can record, edit and play back mouse and keyboard macros. Its powerful tools and robust features will make you more productive. Description Macro Express Pro suffers from a buffer overflow vulnerability when...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/12/23 12:0 a.m.74 views

Embedthis Appweb Web Server 3.2.2-1 (Ejscript) Remote XSS Vulnerability

Summary Appweb has a multi-threaded, event-driven, core to deliver exceptional throughput, response and outstanding memory utilization. It is compact and will embed using as little as 800K of memory. Appweb is a standards-based embedded HTTP server that has a wealth of features. Description Appwe...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/12/15 12:0 a.m.56 views

MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability

Summary MantisBT is a free popular web-based bugtracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a webserver. MantisBT has been installed on Windows, Linux, Mac OS, OS/2, and others. Almost any web browser should be able to...

5.1CVSS5.7AI score0.0788EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2010/12/15 12:0 a.m.14 views

MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability

Summary MantisBT is a free popular web-based bugtracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a webserver. MantisBT has been installed on Windows, Linux, Mac OS, OS/2, and others. Almost any web browser should be able to...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/12/06 12:0 a.m.34 views

MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability

Summary MODx Revolution is a powerful PHP Content Management Framework that plays nicely with custom code and helps you build sites faster and maintain them with ease. With Revolution you'll leverage the best things to come around since MVC and Active Record. Description The MODx Revolution CMS...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.74 views

Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC

Summary KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind. Description...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.115 views

Native Instruments Massive 1.1.4 KSD File Handling Use-After-Free Vulnerability

Summary MASSIVE is a sonic monster – the ultimate synth for basses and leads. The analog concept belies the contemporary, cutting-edge sound it generates. The high-end engine delivers pure quality, lending an undeniable virtue and character to even the most saturated of sounds. The interface is...

6.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.48 views

Native Instruments Kontakt 4 Player v4.1.3 Insecure Library Loading Vulnerability

Summary KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind. Description...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.46 views

Native Instruments Guitar Rig 4 Player v4.1.1 Insecure Library Loading Vulnerability

Summary GUITAR RIG 4 PLAYER is the free, modular and expandable effects processor from Native Instruments, combining creative effects routing possibilities with ease-of-use and pristine sound quality. The included FACTORY SELECTION library provides one stunning Amp emulation with Matched Cabinet,...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.57 views

Native Instruments Service Center 2.2.5 Local Privilege Escalation Vulnerability

Summary The NI Service Center is a service used for Product Activation. Description The Native Instruments's Service Center suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.59 views

Native Instruments Traktor Pro 1.2.6 Stack-based Buffer Overflow Vulnerability

Summary TRAKTOR PRO is the new benchmark in DJ software. Mix digital files on four decks, using the high-quality internal mixer or external hardware, and the best effects suite around. Fully primed for professional use, TRAKTOR PRO redefines the art of DJing. Description Desc: Traktor Pro suffers...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.39 views

Native Instruments Reaktor 5 Player v5.5.1 Heap Memory Corruption Vulnerability

Summary REAKTOR 5 PLAYER is your free entry point to the award-winning and avant-garde audio world of REAKTOR 5 - the super-powerful modular sound studio that made Native Instruments famous. Description The NI's Reaktor 5 Player suffers from multiple file handling vulnerability when processing .e...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.47 views

Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability

Summary The NI Service Center is a service used for Product Activation. Description The Service Center suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to the application insecurely loading certain...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.61 views

Native Instruments Reaktor 5 Player v5.5.1 Insecure Library Loading Vulnerability

Summary REAKTOR 5 PLAYER is your free entry point to the award-winning and avant-garde audio world of REAKTOR 5 - the super-powerful modular sound studio that made Native Instruments famous. Description Reaktor 5 Player suffers from a DLL hijacking vulnerability, which could be exploited by remot...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/08 12:0 a.m.35 views

Nevercenter Silo 2.1.1 Insecure Library Loading Vulnerability

Summary Silo 2 is a focused 3D modeling application with the ability to effortlessly switch between organically sculpting high-polygon models and precisely controlling hard-edged surfaces. It can be used for anything from creating 3D characters for video games and movies to quickly exploring 3D...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/10/22 12:0 a.m.45 views

Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability

Summary Altova DatabaseSpy® 2011 is the unique multi-database query, design, and database comparison tool. It connects to all major databases, easing SQL editing, database structure design, database content editing, database schema and content comparison, and database conversion for a fraction of...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/10/15 12:0 a.m.78 views

eXV² Content Management System 2.10 Remote XSS Vulnerability

Summary eXV² is a free CMS for building and operating private home pages, small and large communities and it's also easily used for small to medium business presences. Description The CMS suffers from a remote reflected Cross-Site Scripting vulnerability when input passed thru "rssfeedURL" and...

4.3CVSS6.2AI score0.01089EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2010/10/14 12:0 a.m.39 views

Exponent CMS v0.97 Multiple Vulnerabilities

Summary Open Source Content Management System PHP+MySQL. Description Exponent CMS suffers from multiple vulnerabilities: 1. Local File Inclusion / File Disclosure Vulnerability 2. Arbitrary File Upload / File Modify Vulnerability 3. Reflected Cross-Site Scripting Vulnerability 1 LFI/FD occurs whe...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/10/06 12:0 a.m.25 views

TomatoCart 1.0.1 (json.php) Remote Cross-Site Scripting Vulnerability

Summary TomatoCart is the new generation of open source shopping cart solution developed by Elootec Technology Co., Ltd. It is branched from osCommerce 3 as a separate project. Description TomatoCart version 1.0.1 suffers from a XSS vulnerability because input passed via the "action" parameter to...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/10/01 12:0 a.m.37 views

Zen Cart v1.3.9f (typefilter) Local File Inclusion Vulnerability

Summary Zen Cart is an online store management system. It is PHP-based, using a MySQL database and HTML components. Support is provided for numerous languages and currencies, and it is freely available under the GNU GPL. Description Zen Cart v1.3.9f suffers from a file inlcusion vulnerability LFI...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/10/01 12:0 a.m.25 views

Zen Cart v1.3.9f Multiple Remote Vulnerabilities

Summary Zen Cart is an online store management system. It is PHP-based, using a MySQL database and HTML components. Support is provided for numerous languages and currencies, and it is freely available under the GNU GPL. Description Zen Cart v1.3.9f suffers from a persistent cross-site scripting...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/09/21 12:0 a.m.91 views

Softek Barcode Reader Toolkit ActiveX 7.1.4.14 (SoftekATL.dll) Buffer Overflow PoC

Summary The Softek Barcode Reader Toolkit for Windows is a SDK that enables applications to extract barcode information from images. The API's available in the toolkit include .net, java, com, ocx and windows dll. The standard version includes support for both 1 and 2-D barcodes and special...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/09/17 12:0 a.m.128 views

Netautor Professional 5.5.0 (goback) XSS Vulnerability

Summary Netautor Professional is an application server and development environment. Netautor Professional was developed to serve the practical needs of users, and was continuously advanced. -- Digital Workroom is a well proven and time-tested Content Management System. Its based on also...

4.3CVSS6.1AI score0.01689EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2010/09/08 12:0 a.m.22 views

Textpattern 4.2.0 (txplib_db) Null Termination Cross-Site Scripting Vulnerability

Summary Textpattern is an open source content management system unlike any other; it allows you to easily create, edit and publish content and make it beautiful in a professional, standards-compliant manner. Description Textpattern CMS version 4.2.0 suffers from a XSS vulnerability. Input passed...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/09/06 12:0 a.m.116 views

MySource Matrix 3.28.3 (height) Remote Reflected XSS Vulnerability

Summary MySource Matrix is a powerful Open Source Content Management System CMS written in PHP and is suitable for many types of organisations. Description Input passed via the "height" parameter to charmap.php is not properly sanitised before being returned to the user. This can be exploited to...

4.3CVSS6.1AI score0.0173EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2010/09/01 12:0 a.m.22 views

LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities

Summary With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN 32 and 64 bit device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/28 12:0 a.m.53 views

LEADTOOLS ActiveX Raster Twain v16.5 (LtocxTwainu.dll) Remote Buffer Overflow PoC

Summary With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN 32 and 64 bit device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.71 views

Nullsoft Winamp 5.581 (wnaspi32.dll) DLL Hijacking Exploit

Summary Winamp is a media player for Windows-based PCs, written by Nullsoft, now a subsidiary of AOL. It is proprietary freeware/shareware, multi-format, extensible with plug-ins and skins, and is noted for its graphical sound visualization, playlist, and media library features. Description Winam...

9.3CVSS6.2AI score0.07826EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.21 views

CorelDRAW X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit

Summary Graphic design software for striking visual communication. Description CorelDRAW X3 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extensions are .cmx and .csl thru crlrib.dll library. / CorelDRAW X3...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.27 views

Corel PHOTO-PAINT X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit

Summary Graphic design software for striking visual communication. Description Corel PHOTO-PAINT X3 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .cpt thru crlrib.dll library. / Corel PHOTO-PAINT X3...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.84 views

Google Earth v5.1.3535.3218 (quserex.dll) DLL Hijacking Exploit

Summary Google Earth lets you fly anywhere on Earth to view satellite imagery, maps, terrain, 3D buildings, from galaxies in outer space to the canyons of the ocean. You can explore rich geographical content, save your toured places, and share with others. Description Google Earth suffers from a...

9.3CVSS6.2AI score0.03787EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.37 views

Media Player Classic 6.4.9.1 (iacenc.dll) DLL Hijacking Exploit

Summary Media Player Classic MPC is a compact media player for 32-bit Microsoft Windows. The application mimics the look and feel of the old, lightweight Windows Media Player 6.4 but integrates most options and features found in modern media players. It and its forks are standard media players in...

9.3CVSS6.2AI score0.26693EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.40 views

Adobe Extension Manager CS5 v5.0.298 (dwmapi.dll) DLL Hijacking Exploit

Summary Easily install new extensions and manage the ones you already have with the Adobe Extension Manager. Description Adobe Extension Manager CS5 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extensions are .mxi...

9.3CVSS6.3AI score0.11326EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.29 views

Microsoft Visio 2010 v14.0.4514.1004 (dwmapi.dll) DLL Hijacking Exploit

Summary Microsoft Visio is a diagramming program for Microsoft Windows that uses vector graphics to create diagrams. Description MS Visio 2010 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .vss thru...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.56 views

Adobe Device Central CS5 v3.0.1.0 (dwmapi.dll) DLL Hijacking Exploit

Summary Adobe® Device Central CS5 software simplifies the production of innovative and compelling content for mobile phones and consumer electronics devices. Adobe Device Central CS5 now offers support for HTML and the latest versions of Adobe Flash® Player software. Description Adobe Device...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.25 views

Microsoft Office PowerPoint 2007 v12.0.4518 (pp4x322.dll) DLL Hijacking Exploit

Summary Microsoft PowerPoint is a presentation program by Microsoft. It is part of the Microsoft Office suite, and runs on Microsoft Windows and Apple's Mac OS X operating system. Description MS PowerPoint 2007 suffers from a dll hijacking vulnerability that enables the attacker to execute...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.36 views

Adobe ExtendedScript Toolkit CS5 v3.5.0.52 (dwmapi.dll) DLL Hijacking Exploit

Summary The ExtendScript Toolkit ESTK 3.5.0 is a scripting utility included with Adobe® Creative Suite CS5 and other Adobe applications. The ESTK is used for creating, editing, and debugging JavaScript to be used for scripting Adobe applications. Description Adobe ExtendScript Toolkit CS5 suffers...

9.3CVSS6.1AI score0.12206EPSS
Exploits2
Total number of security vulnerabilities1109