1109 matches found
eXPert PDF Reader 4.0 NULL Pointer Dereference and Heap Corruption Denial Of Service
Summary eXPert PDF Reader is a free pdf viewer software that lets you view and print pdf documents on windows operating systems. Description The vulnerability is caused due to a NULL pointer dereference when processing malicious Printer Job .pj files and can be exploited to crash the application...
Elecard MPEG Player 5.7 Local Buffer Overflow PoC (SEH)
Summary Elecard MPEG Player is a high-quality full-featured multimedia player supporting the newest formats, designed to provide you with video and audio playback. Description The program suffers from a buffer overflow with SEH overwrite vulnerability when opening playlist file .m3u, as a result ...
WinMerge v2.12.4 Project File Handling Stack Overflow Vulnerability
Summary WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle. WinMerge is highly useful for determining what has changed between project versions, and...
phpBugTracker 1.0.5 Multiple Reflected XSS Vulnerabilities
Summary phpBugTracker is a web-based bug tracker with functionality similar to other issue tracking systems, such as Bugzilla. Design focuses on separating the presentation, application, and database layers. phpBugTracker is lightweight and easy to install, operate and administer. Most text can b...
GAzie 5.10 (Login parameter) Multiple Remote Vulnerabilities
Summary GAzie is a multi-company management program ERP that runs on Apache web server with support for PHP and Mysql database. Open Source web-based application for small and medium enterprises. Description GAzie is prone to a cross-site scripting and an SQL Injection vulnerability because it...
AutoPlay v1.33 (autoplay.ini) Local Buffer Overflow Exploit (SEH)
Summary AutoPlay is a shareware application used for making autorun.ini files that can be edited and stored to compact disks. Description The program suffers from a buffer overflow vulnerability when openinng autorun file .ini, as a result of adding extra bytes to parts of the edited file, giving...
MG2 0.5.1 Multiple XSS Vulnerabilities
Summary MG2 is the sequel to the popular image gallery script MiniGal. One of the highlights of MG2 is, that it supports PHP running in safe mode which is unsupported by almost all other dynamic image gallery scripts on the web. Description MG2 suffers from multiple XSS vulns. Several parameters...
Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability
Summary Pixelpost is an open-source, standards-compliant, multi-lingual, fully extensible photoblog application for the web. Anyone who has web-space that meets the requirements can download and use Pixelpost for free! Description Pixelpost is vulnerable to an SQL Injection attack when input is...
Pixelpost 1.7.3 Multiple Persistent Cross-Site Scripting Vulnerabilities
Summary Pixelpost is an open-source, standards-compliant, multi-lingual, fully extensible photoblog application for the web. Anyone who has web-space that meets the requirements can download and use Pixelpost for free! Description Pixelpost is vulnerable to multiple cross-site scripting...
Oracle MySQL Eventum 2.3 Remote Script Insertion Vulnerabilities
Summary Eventum is a user-friendly and flexible issue tracking system that can be used by a support department to track incoming technical support requests, or by a software development team to quickly organize tasks and bugs. Description Eventum suffers from a cross-site scripting vulnerability...
TaskFreak! v0.6.4 Multiple Cross-Site Scripting Vulnerabilities
Summary TaskFreak! Original is a simple but efficient web based task manager written in PHP. Description TaskFreak! suffers from multiple XSS vulnerabilities when parsing input to multiple parameters in different scripts. The vulnerable POST parameters are: 'sContext', 'sort', 'dir' and 'show' th...
CultBooking 2.0.4 (lang) Local File Inclusion Vulnerability
Summary Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings and set the actual availabilities in the hotels pms. This is easy to install and easy to integrate with full support. Description CultBooking suffers from a...
CultBooking 2.0.4 (cultbooking.php) Multiple XSS/PD Vulnerabilities
Summary Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings and set the actual availabilities in the hotels pms. This is easy to install and easy to integrate with full support. Description CultBooking Hotel Booking...
Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC
Summary Macro Express is the premier Windows macro utility. With Macro Express, you can record, edit and play back mouse and keyboard macros. Its powerful tools and robust features will make you more productive. Description Macro Express Pro suffers from a buffer overflow vulnerability when...
Embedthis Appweb Web Server 3.2.2-1 (Ejscript) Remote XSS Vulnerability
Summary Appweb has a multi-threaded, event-driven, core to deliver exceptional throughput, response and outstanding memory utilization. It is compact and will embed using as little as 800K of memory. Appweb is a standards-based embedded HTTP server that has a wealth of features. Description Appwe...
MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability
Summary MantisBT is a free popular web-based bugtracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a webserver. MantisBT has been installed on Windows, Linux, Mac OS, OS/2, and others. Almost any web browser should be able to...
MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability
Summary MantisBT is a free popular web-based bugtracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a webserver. MantisBT has been installed on Windows, Linux, Mac OS, OS/2, and others. Almost any web browser should be able to...
MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability
Summary MODx Revolution is a powerful PHP Content Management Framework that plays nicely with custom code and helps you build sites faster and maintain them with ease. With Revolution you'll leverage the best things to come around since MVC and Active Record. Description The MODx Revolution CMS...
Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC
Summary KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind. Description...
Native Instruments Massive 1.1.4 KSD File Handling Use-After-Free Vulnerability
Summary MASSIVE is a sonic monster – the ultimate synth for basses and leads. The analog concept belies the contemporary, cutting-edge sound it generates. The high-end engine delivers pure quality, lending an undeniable virtue and character to even the most saturated of sounds. The interface is...
Native Instruments Kontakt 4 Player v4.1.3 Insecure Library Loading Vulnerability
Summary KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind. Description...
Native Instruments Guitar Rig 4 Player v4.1.1 Insecure Library Loading Vulnerability
Summary GUITAR RIG 4 PLAYER is the free, modular and expandable effects processor from Native Instruments, combining creative effects routing possibilities with ease-of-use and pristine sound quality. The included FACTORY SELECTION library provides one stunning Amp emulation with Matched Cabinet,...
Native Instruments Service Center 2.2.5 Local Privilege Escalation Vulnerability
Summary The NI Service Center is a service used for Product Activation. Description The Native Instruments's Service Center suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist...
Native Instruments Traktor Pro 1.2.6 Stack-based Buffer Overflow Vulnerability
Summary TRAKTOR PRO is the new benchmark in DJ software. Mix digital files on four decks, using the high-quality internal mixer or external hardware, and the best effects suite around. Fully primed for professional use, TRAKTOR PRO redefines the art of DJing. Description Desc: Traktor Pro suffers...
Native Instruments Reaktor 5 Player v5.5.1 Heap Memory Corruption Vulnerability
Summary REAKTOR 5 PLAYER is your free entry point to the award-winning and avant-garde audio world of REAKTOR 5 - the super-powerful modular sound studio that made Native Instruments famous. Description The NI's Reaktor 5 Player suffers from multiple file handling vulnerability when processing .e...
Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability
Summary The NI Service Center is a service used for Product Activation. Description The Service Center suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to the application insecurely loading certain...
Native Instruments Reaktor 5 Player v5.5.1 Insecure Library Loading Vulnerability
Summary REAKTOR 5 PLAYER is your free entry point to the award-winning and avant-garde audio world of REAKTOR 5 - the super-powerful modular sound studio that made Native Instruments famous. Description Reaktor 5 Player suffers from a DLL hijacking vulnerability, which could be exploited by remot...
Nevercenter Silo 2.1.1 Insecure Library Loading Vulnerability
Summary Silo 2 is a focused 3D modeling application with the ability to effortlessly switch between organically sculpting high-polygon models and precisely controlling hard-edged surfaces. It can be used for anything from creating 3D characters for video games and movies to quickly exploring 3D...
Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability
Summary Altova DatabaseSpy® 2011 is the unique multi-database query, design, and database comparison tool. It connects to all major databases, easing SQL editing, database structure design, database content editing, database schema and content comparison, and database conversion for a fraction of...
eXV² Content Management System 2.10 Remote XSS Vulnerability
Summary eXV² is a free CMS for building and operating private home pages, small and large communities and it's also easily used for small to medium business presences. Description The CMS suffers from a remote reflected Cross-Site Scripting vulnerability when input passed thru "rssfeedURL" and...
Exponent CMS v0.97 Multiple Vulnerabilities
Summary Open Source Content Management System PHP+MySQL. Description Exponent CMS suffers from multiple vulnerabilities: 1. Local File Inclusion / File Disclosure Vulnerability 2. Arbitrary File Upload / File Modify Vulnerability 3. Reflected Cross-Site Scripting Vulnerability 1 LFI/FD occurs whe...
TomatoCart 1.0.1 (json.php) Remote Cross-Site Scripting Vulnerability
Summary TomatoCart is the new generation of open source shopping cart solution developed by Elootec Technology Co., Ltd. It is branched from osCommerce 3 as a separate project. Description TomatoCart version 1.0.1 suffers from a XSS vulnerability because input passed via the "action" parameter to...
Zen Cart v1.3.9f (typefilter) Local File Inclusion Vulnerability
Summary Zen Cart is an online store management system. It is PHP-based, using a MySQL database and HTML components. Support is provided for numerous languages and currencies, and it is freely available under the GNU GPL. Description Zen Cart v1.3.9f suffers from a file inlcusion vulnerability LFI...
Zen Cart v1.3.9f Multiple Remote Vulnerabilities
Summary Zen Cart is an online store management system. It is PHP-based, using a MySQL database and HTML components. Support is provided for numerous languages and currencies, and it is freely available under the GNU GPL. Description Zen Cart v1.3.9f suffers from a persistent cross-site scripting...
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 (SoftekATL.dll) Buffer Overflow PoC
Summary The Softek Barcode Reader Toolkit for Windows is a SDK that enables applications to extract barcode information from images. The API's available in the toolkit include .net, java, com, ocx and windows dll. The standard version includes support for both 1 and 2-D barcodes and special...
Netautor Professional 5.5.0 (goback) XSS Vulnerability
Summary Netautor Professional is an application server and development environment. Netautor Professional was developed to serve the practical needs of users, and was continuously advanced. -- Digital Workroom is a well proven and time-tested Content Management System. Its based on also...
Textpattern 4.2.0 (txplib_db) Null Termination Cross-Site Scripting Vulnerability
Summary Textpattern is an open source content management system unlike any other; it allows you to easily create, edit and publish content and make it beautiful in a professional, standards-compliant manner. Description Textpattern CMS version 4.2.0 suffers from a XSS vulnerability. Input passed...
MySource Matrix 3.28.3 (height) Remote Reflected XSS Vulnerability
Summary MySource Matrix is a powerful Open Source Content Management System CMS written in PHP and is suitable for many types of organisations. Description Input passed via the "height" parameter to charmap.php is not properly sanitised before being returned to the user. This can be exploited to...
LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities
Summary With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN 32 and 64 bit device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning...
LEADTOOLS ActiveX Raster Twain v16.5 (LtocxTwainu.dll) Remote Buffer Overflow PoC
Summary With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN 32 and 64 bit device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning...
Nullsoft Winamp 5.581 (wnaspi32.dll) DLL Hijacking Exploit
Summary Winamp is a media player for Windows-based PCs, written by Nullsoft, now a subsidiary of AOL. It is proprietary freeware/shareware, multi-format, extensible with plug-ins and skins, and is noted for its graphical sound visualization, playlist, and media library features. Description Winam...
CorelDRAW X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit
Summary Graphic design software for striking visual communication. Description CorelDRAW X3 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extensions are .cmx and .csl thru crlrib.dll library. / CorelDRAW X3...
Corel PHOTO-PAINT X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit
Summary Graphic design software for striking visual communication. Description Corel PHOTO-PAINT X3 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .cpt thru crlrib.dll library. / Corel PHOTO-PAINT X3...
Google Earth v5.1.3535.3218 (quserex.dll) DLL Hijacking Exploit
Summary Google Earth lets you fly anywhere on Earth to view satellite imagery, maps, terrain, 3D buildings, from galaxies in outer space to the canyons of the ocean. You can explore rich geographical content, save your toured places, and share with others. Description Google Earth suffers from a...
Media Player Classic 6.4.9.1 (iacenc.dll) DLL Hijacking Exploit
Summary Media Player Classic MPC is a compact media player for 32-bit Microsoft Windows. The application mimics the look and feel of the old, lightweight Windows Media Player 6.4 but integrates most options and features found in modern media players. It and its forks are standard media players in...
Adobe Extension Manager CS5 v5.0.298 (dwmapi.dll) DLL Hijacking Exploit
Summary Easily install new extensions and manage the ones you already have with the Adobe Extension Manager. Description Adobe Extension Manager CS5 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extensions are .mxi...
Microsoft Visio 2010 v14.0.4514.1004 (dwmapi.dll) DLL Hijacking Exploit
Summary Microsoft Visio is a diagramming program for Microsoft Windows that uses vector graphics to create diagrams. Description MS Visio 2010 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .vss thru...
Adobe Device Central CS5 v3.0.1.0 (dwmapi.dll) DLL Hijacking Exploit
Summary Adobe® Device Central CS5 software simplifies the production of innovative and compelling content for mobile phones and consumer electronics devices. Adobe Device Central CS5 now offers support for HTML and the latest versions of Adobe Flash® Player software. Description Adobe Device...
Microsoft Office PowerPoint 2007 v12.0.4518 (pp4x322.dll) DLL Hijacking Exploit
Summary Microsoft PowerPoint is a presentation program by Microsoft. It is part of the Microsoft Office suite, and runs on Microsoft Windows and Apple's Mac OS X operating system. Description MS PowerPoint 2007 suffers from a dll hijacking vulnerability that enables the attacker to execute...
Adobe ExtendedScript Toolkit CS5 v3.5.0.52 (dwmapi.dll) DLL Hijacking Exploit
Summary The ExtendScript Toolkit ESTK 3.5.0 is a scripting utility included with Adobe® Creative Suite CS5 and other Adobe applications. The ESTK is used for creating, editing, and debugging JavaScript to be used for scripting Adobe applications. Description Adobe ExtendScript Toolkit CS5 suffers...