This exploit allows an attacker to upload arbitrary files to a vulnerable Syntax CMS version 1.3 website. The vulnerability exists in the /public/fckeditor/editor/filemanager/upload/php/upload.php file, which does not properly validate the file type of the uploaded file. This allows an attacker to upload malicious files, such as PHP scripts, to the vulnerable website.
Adobe Acrobat Reader <= 8.1.2 is vulnerable to a remote denial of service attack when a malformed PDF file is opened. The reader will crash when a file containing the string '00414141 AcroRd32.00414141' is opened.
The vulnerability exists due to insufficient filtration of user-supplied input passed via the 'articulo_id' parameter to '/php/leer_comentarios.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information from the database, modify data, delete data, or exploit vulnerabilities in the underlying database implementation.
A vulnerability in the Joomla Component Artist allows for remote SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a specially crafted SQL query that can be used to extract sensitive information from the database.
PHPhotoalbum v0.5 is prone to multiple remote SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
A stack-based buffer overflow vulnerability exists in the CacheFolder property of the Creative Software AutoUpdate Engine ActiveX control. After 260 bytes, the stack-based buffer overflows and allows code execution reliably at 512 bytes.
This proof-of-concept code exploits a vulnerability in CA Internet Security Suite 2008 (UmxEventCli.dll/SaveToFile()) which allows a remote attacker to corrupt a file on the vulnerable system. The vulnerability is caused due to the application not properly validating user-supplied input before using it in a filesystem operation. This can be exploited to corrupt arbitrary files on the vulnerable system.
OtomigenX v2.2 is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to read sensitive files on the server, such as /etc/passwd.
This exploit allows an attacker to exhaust the memory of a vulnerable server running PHP. The exploit works by sending a specially crafted HTTP request to the target server, which contains a base64 encoded payload. The payload contains a loop that allocates a large amount of memory and then goes to sleep for a long period of time. This causes the server to exhaust its memory, leading to a denial of service.
CKGold Shopping Cart 2.5 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Services By CQR