The exploit allows an attacker to include local files by manipulating the 'controller' parameter in the URL. The vulnerability can be exploited by appending '../../../../../../../../../../../' to the 'controller' parameter.
The method in which Java Web Start support has been added to the JRE is not less than a deliberately embedded backdoor or a flagrant case of extreme negligence. The code snippet provided shows a subroutine that is responsible for opening a registry key with the path "JNLPFileShellOpenCommand" and it sets the desired access rights and options. This vulnerability can potentially allow an attacker to execute arbitrary code or perform unauthorized actions on the affected system.
This exploit targets CompleteFTP v3.3.0 and causes remote memory consumption denial of service. The exploit saturates the RAM to approximately 2GB in around 60 seconds.
This exploit takes advantage of the _init section in a shared library to execute arbitrary code or crash an application. By overwriting the _init section with shellcode or malicious data, an attacker can exploit applications that use shared libraries, such as Mozilla, Geany IDE, Compiz, and Epiphany web browser. The exploit involves creating a custom compiled file with a custom _init section that executes the execve() function to spawn a shell. The exploit is in the form of a shared library file (.so).
The Joomla Component VJDEO 1.0 is vulnerable to a Local File Inclusion (LFI) exploit. By manipulating the 'controller' parameter in the index.php file, an attacker can access sensitive system files, such as /etc/passwd.
This exploit allows for the binding of a persistent command shell on port 9999. It has been tested on Windows 2000 Professional SP3 English version with fp30reg.dll version 4.0.2.5526.
The Virata EmWeb software is embedded in multiple printers and DSL modems. For example the HP Color LaserJet 2800-series. When sending a long header (long filename), the printer will reboot. Other soft- and hardware isn't tested yet.
This exploit takes advantage of a format string vulnerability in GNU Mailutils 0.6 imap4d. By sending a specially crafted 'search' command, an attacker can execute arbitrary code on the target system. This exploit uses hardcoded values from GNU/Debian testing (etch).
The Joomla Magic Updater component (com_joomlaupdater) is vulnerable to a Local File Inclusion (LFI) vulnerability. This vulnerability can be exploited by an attacker to read arbitrary files on the server.
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. A Path Traversal attack aims to access files and directories that are stored outside the web root folder.
Services By CQR