A remote file inclusion vulnerability exists in the AroundMe component for Joomla! 1.5.0. The vulnerability is due to the application including a file specified in the language_path parameter of the connect.php script. This can be exploited to execute arbitrary PHP code by including a malicious file from a remote location.
Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application.
A vulnerability exists in the Image Manager plugin for WordPress, which allows an attacker to upload a malicious shell to the /demo_images/ directory. This can be done by accessing the /plugins/ImageManager/manager.php page and uploading a GIF89a shell.
PHPShop 0.8.1 is vulnerable to SQL Injection, Blind SQL Injection, CSRF and XSS. The SQL Injection security check can be bypassed by replacing spaces with comments (/**/). An attacker can inject malicious SQL queries to gain access to sensitive information from the database. An attacker can also inject malicious JavaScript code to gain access to the user's cookies. An attacker can also perform CSRF attacks to perform malicious actions on behalf of the user.
A buffer overflow vulnerability exists in HTML Help Workshop 4.74, which could allow remote code execution. The vulnerability is due to a boundary error when handling a specially crafted .hhp file. An attacker could exploit this vulnerability by enticing a user to open a malicious .hhp file. Successful exploitation could result in arbitrary code execution in the context of the user.
This exploit is for Audacity 1.2.6 (gro File) Buffer overflow vulnerability. It uses an address as an universal, but it can't be called to jump as it causes privileged_ exception. It has been tested on Windows XP SP3.
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'cat' in the 'classifieds.php' script. This will allow the attacker to gain access to the database and extract sensitive information.
A remote file inclusion vulnerability exists in Joomla! Component JoomGallery, which allows an attacker to include a remote file on the vulnerable server. This vulnerability is due to the lack of proper validation of user-supplied input in the 'option' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. Successful exploitation of this vulnerability can result in arbitrary code execution on the vulnerable server.
Services By CQR