This module exploits a stack-based buffer overflow in the Win32AddConnection function of the VideoLAN VLC media player. Versions 0.9.9 through 1.0.1 are reportedly affected. This vulnerability is only present in Win32 builds of VLC. This module was found to work with the windows/exec and windows/meterpreter/reverse_tcp payloads. However, the windows/meterpreter/reverse_ord_tcp payload was found not to work.
The mod_visitorsgooglemap module of Visitors Google Map Lite 1.0.1 (FREE) is vulnerable to remote SQL injection. The vulnerability exists in the map_data.php file.
The Tour de France Pool for Joomla is affected by a remote file-include vulnerability. The application fails to properly sanitize user-supplied input, allowing an attacker to include and execute arbitrary files remotely. Exploiting this vulnerability can lead to compromise of the application and the underlying system. Other attacks may also be possible.
The Particle Gallery application is prone to a cross-site scripting vulnerability due to inadequate sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other malicious activities.
The News Manager Deluxe software is prone to a local file-include vulnerability due to a failure to properly sanitize user-supplied input. An attacker can exploit this issue to view files and execute local scripts.
This exploit allows an attacker to remotely disclose files on a system running Xnews 1.0.1. The vulnerability was discovered by r0ut3r and can be exploited by sending a specially crafted request to the server. The exploit has been tested on Xnews 1.0.1.
This vulnerability allows remote attackers to include arbitrary files via a specially crafted URL in the env[inc_path] parameter in the config.php script.
The WP Ajax Recent Posts WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
/modules/flashgames/game.php?lid=-19/**/UNION/**/SELECT/**/0,1,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*
The GoSamba 1.0.1 software is affected by multiple remote file inclusion vulnerabilities. Attackers can exploit them by including arbitrary remote files via the 'include_path' parameter in various PHP files.