A buffer overflow vulnerability exists in the TFTP Server for Windows V1.4 ST, which could allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient bounds checking of user-supplied data, which can be exploited by sending a specially crafted packet to the TFTP server. Successful exploitation could result in arbitrary code execution with the privileges of the TFTP service.
A vulnerability in the Linksys WRT54G router allows an attacker to bypass authentication and poison the DNS settings. This can be done by sending a specially crafted HTTP POST request to the router's web interface. The request contains the new DNS settings which will be applied to the router.
TopperMod v1.0 is vulnerable to Local File Inclusion. The vulnerability exists due to the lack of sanitization of the 'to' parameter in the 'mod.php' script. An attacker can exploit this vulnerability to include arbitrary local files, leading to the disclosure of sensitive information and/or the execution of arbitrary code.
TopperMod v2.0 is vulnerable to SQL Injection. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'localita' parameter in the '/account/index.php' script. An attacker can exploit this vulnerability to gain access to the application with administrative privileges, or to change the password of a remote user.
A vulnerability exists in Joomla Component com_alphacontent versions 2.5.4 and 2.5.8, which allows an attacker to inject arbitrary SQL commands via the 'id' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords.
BolinOS system has multiple security vulnerabilities: 1. Local File Include vulnerability found in system/_b/contentFiles/gbincluder.php, 2. Multiple Linked XSS vulnerabilities, 2.1 Linked XSS vulnerability found in page /system/actionspages/_b/contentFiles/gBImageViewer.php, 2.2 Linked XSS vulnerability found in page /system/actionspages/_b/contentFiles/gBselectorContents.php, 3. Multiple XSS in POST, 3.1 XSS vulnerability found in page /system/actionspages/_b/contentFiles/gBselectorContents.php, 4. System information disclosure vulnerability found in page /system/actionspages/_b/contentFiles/gBselectorContents.php
A photo gallery for e107, powered by Highslide JS script. with random gallery menu and navigation menu. The vulnerability is caused due to an input validation error in dload.php when processing arguments passed to the 'file' parameter. This can be exploited to download arbitrary files from the affected system.
MPlayer and VLC are vulnerable to a buffer overflow vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted RTSP request containing a maliciously crafted StreamCount parameter. This can lead to arbitrary code execution on the vulnerable system.
send_user_mode in s_user.c does not check that the argument after a +r mode is present, if it is not than the NULL sentinel may be missed, causing the function to iterate over the boundary of the array. One possible exploit: /mode nickname i i i i i i i i i i i i i i i r r r r s
This exploit allows an attacker to bypass authentication and gain access to the system. The exploit is coded in Python and requires the urllib, sys and re libraries. The attacker must provide a valid username and password for a normal user of destar, and then the exploit will attempt to log in as the root user. If successful, the attacker will have access to the system.