php-revista version 1.1.2 is vulnerable to remote file inclusion. An attacker can include arbitrary files from a remote server, which can lead to remote code execution.
Unknown
This exploit can be used to gain administrative privileges on McAfee Web Reporter 5.2.1 by exploiting the Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet vulnerability. It allows remote code execution by marshalling objects over HTTP.
The V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input. An attacker can leverage these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching other attacks. Additionally, a successful exploit could compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This module exploits a stack-based buffer overflow in Cogent DataHub 7.3.0. The vulnerability exists in the HTTP server: while handling HTTP headers, a strncpy() function is used in a dangerous way. This module has been tested successfully on Cogent DataHub 7.3.0 (Demo) on Windows XP SP3.
A buffer overflow is triggered when a long STOR command, followed by /../ parameters, is sent to the server.
A file include web vulnerability is detected in the FTP OnConnect v1.4.11 mobile application (Apple iOS - iPad & iPhone). The file include vulnerability allows remote attackers to include (upload) local file or path requests to compromise the application or service. The vulnerability is located in the upload module, which processes uploads of files with manipulated filenames in the POST method request and header. The attacker can inject local paths or files into the request context and compromise the mobile device or FTP service. The flawed validation also has a side effect: it raises the risk that the attack can be combined with persistently injected script code.
A local command/path injection web vulnerability is detected in the ePhoto Transfer v1.2.1 application (Apple iOS - iPad & iPhone). The vulnerability allows local attackers to inject commands or path requests on the application side of the vulnerable module.
Post Affiliate Pro is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The exploit targets a buffer overflow vulnerability in AudioCoder 0.8.22. It allows an attacker to execute arbitrary code by sending a specially crafted .lst file. The vulnerability occurs when the program fails to properly validate user input, resulting in a buffer overflow. By exploiting this vulnerability, an attacker can gain remote code execution on the affected system.