On eUploader PRO script there is no cross site request forgery protection and we can use this to edit any user's profile and set him regular or master admin privileges, change email and password. The only thing required is ID of the user we want to edit. Additionally, this will remove uploaded file by its id and there is a permanent XSS vulnerability.
A SQL injection vulnerability exists in FILE SHARE V 1.0, which is a web application developed by http://www.script-ati.com. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
A vulnerability exists in D-Tendencia Bt 2008 which allows an attacker to inject malicious SQL queries via the 'lcat_id' parameter in the 'list.php' script. An attacker can use this vulnerability to gain access to sensitive information from the database, such as usernames and passwords. The vulnerable parameter can be found in the URL http://server/list.php?lcat_id=[N.A.S.T]. The exploit code for this vulnerability is http://server/list.php?lcat_id=-1+union+select+concat(admin_name,0x3a,admin_pass,0x3a,admin_mail)+from+admin.
WHMCompleteSolution CMS is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a specially crafted SQL query that can be used to extract sensitive information from the database, such as usernames and passwords. The vulnerable file is http://server/weblink_cat_list.php?bcat_id=[N.A.S.T ]. The exploit is http://server/weblink_cat_list.php?bcat_id=-1+UNION+SELECT+1,GROUP_concat(id,0x3a,username,0x3a,password),3,4+from+user.
Connection has discovered a Buffer Overflow in Picasa 3.5 created by Google. An attacker is able to overflow the EAX register by creating a text slide with a large block of text.
WP-Forum fails to sanitized user supplied input and is vulnerable to SQL Injection and Blind SQL Injection. An attacker can obtain any data of the database including user logins and password's of the WordPress installation, allowing him to obtain access to the application and gain administration privileges. For the SQL Injection vulnerability, is possible to concatenate other sql requests via 'union select' sentence. The parameters 'search_max' and 'forum' are affected by this flaw.
VideoCache's 'vccleaner' utility is intended to be executed with root permissions periodically, to remove expired videos from the cache. Upon execution, it looks for old files under the cache directory /var/spool/videocache (writable by the Squid proxy user) and deletes them. An attacker with the privileges of the Squid proxy server can append semi-arbitrary data to arbitrary files with root privileges, upon the administrator's execution of the 'vccleaner' utility.
The Sections module contains a cross site scripting vulnerability because it does not properly sanitize output of section names before display.
Insecure permissions have been detected in multiple Kaspersky Lab antivirus products, allowing an unprivileged user to replace some files (for example, executable modules) in the BASES folder with a malicious file and execute arbitrary code with SYSTEM privileges. This is a local privilege escalation vulnerability.
A vulnerability exists in the Free ASP GuestBookPro Script, which can be exploited by malicious people to disclose the database. The vulnerability is caused due to the guestbook.mdb file being accessible directly from the web. This can be exploited to disclose the database.