An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.
Microsoft Excel is susceptible to two unspecified memory-corruption vulnerabilities. The issues present themselves when Microsoft Excel tries to process malformed or corrupted XLS files. Attackers may exploit these issues to crash the affected application and possibly to execute arbitrary machine code.
phpProfiles is vulnerable to Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable parameter 'reqpath' in 'body.inc.php', 'body_blog.inc.php' and 'upload_ht.inc.php' files. This malicious URL can be used to execute arbitrary code on the vulnerable server.
PAFileDB Extreme Edition is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
TML CMS is prone to multiple input validation vulnerabilities. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
VCD-db is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
This exploit is used to cause a denial of service on Microsoft Windows NAT Helper Components. The bug is caused by a 0x0000 value in the payload which causes the NAT to crash. The exploit is written in Perl and uses IO::Socket to send the payload to the target.
Scout Portal Toolkit is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
Multiple vendors fail to clear the BIOS (Basic Input-Output System) keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running on affected computers, the memory region may or may not be available for user-level access. With Linux operating systems, superuser access is required. With Microsoft Windows operating systems, nonprivileged users may access the keyboard buffer region. Attackers who obtain the password used for preboot authentication may then use it for further attacks.
Microsoft Windows is prone to a local denial of service vulnerability. This issue can allow an attacker to trigger a system wide denial of service condition or terminate arbitrary processes. Reports indicate that a process can call the 'CreateRemoteThread' function to trigger this issue. It was reported that this attack can be carried out by a local unprivileged user.
Services By CQR