header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

NukeHall <= 0.3 Multiple Remote File Include Vulnerability

NukeHall version 0.3 is vulnerable to multiple Remote File Include vulnerabilities. The vulnerable files are blocks.php, messages.php and stories.php located in the admin/modules directory. An attacker can exploit these vulnerabilities by sending a malicious URL in the spaw_root parameter. This will allow the attacker to execute arbitrary code on the vulnerable server.

KR-Web <= 1.1b2 Remote File Include Vulnerability

KR-Web version 1.1b2 is vulnerable to a Remote File Include vulnerability. The vulnerability exists in the file krgourl.php, located in the adm directory. The vulnerable code is on line 2, where the variable $DOCUMENT_ROOT is included without any sanitization. An attacker can exploit this vulnerability by sending a malicious URL in the DOCUMENT_ROOT parameter. This will allow the attacker to execute arbitrary code on the vulnerable server.

mygallery Joomla Component ( farbinform_krell)

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'cid' parameter of the 'viewcategory' component. A remote attacker can send a specially crafted request to the vulnerable component and execute arbitrary SQL commands in application's database. This can allow the attacker to steal sensitive data from the database, modify existing data, execute administration operations, etc.

Autodesk Maya Script Nodes Arbitrary Command Execution

Autodesk Maya offers so called 'Script Nodes' as a way to program animation behavior using MEL (Maya Embedded Language) and the Python programming language. The Autodesk Maya file formats support embedding of scripting code as part of a scene package. Programs embeded in Maya files using scripting code are automatically executed upon opening of the file. An attacker can take control of a system where Maya is installed by sending a specially crafted scene package and enticing the user to open it. The scripting code will run with the privileges of the user running the Maya application.

Autodesk SoftImage Scene TOC Arbitrary Command Execution

Autodesk Softimage by default saves a .scntoc file along with the scene content tree. The scene TOC (scene table of contents) is an XML-based file that contains scene information. When you open a scene file, Softimage looks for a corresponding scene TOC file and automatically reads and applies the information it contains. Scene TOC XML files can be modified to execute arbitrary commands without user intervention by design. An attacker can take full control of the machine where SoftImage is installed by sending a specially crafted scene package and enticing the user to open it.

Adobe Reader and Acrobat Memory Corruption Vulnerability

Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

Bugtraq ID: 36841

Tavis Ormandy and Julien Tinnes of the Google Security Team discovered a design error in VMWare Workstation 6.5.3, VMWare Workstation 6.5.2 build 156735, VMWare Workstation 6.5.2, VMWare Workstation 6.5.1, VMWare Workstation 6.5 build 118166, VMWare Server 2.0.1 build 156745, VMWare Server 2.0.1, VMWare Server 1.0.9 build 156507, VMWare Server 1.0.9, VMWare Server 1.0.8 build 126538, VMWare Server 1.0.8, VMWare Server 1.0.7 build 108231, VMWare Server 1.0.7, VMWare Server 1.0.6 build 91891, VMWare Server 1.0.6, VMWare Server 1.0.5 Build 80187, VMWare Server 1.0.5, VMWare Server 1.0.4, VMWare Server 1.0.3, VMWare Server 1.0.2, VMWare Server 2.0, VMWare Player 2.5.3, VMWare Player 2.5.2 build 156735, VMWare Player 2.5.2, VMWare Player 2.5.1, VMWare Player 2.5 build 118166, VMWare Fusion 2.0.6, VMWare Fusion 2.0.5, VMWare Fusion 2.0.4, VMWare Fusion 2.0.3, VMWare Fusion 2.0.2 build 147997, VMWare Fusion 2, VMWare ESXi Server 4.0, VMWare ESXi Server 3.5 ESXe350-20090440, VMWare ESXi Server 3.5, VMWare ESX Server 3.0.3 ESX303-200905401-SG, VMWare ESX Server 3.0.3 ESX303-200812406-BG, VMWare ESX Server 3.0.3, VMWare ESX Server 3.0.3, VMWare ESX Server 3.0.2 ESX-1008420, VMWare ESX Server 3.0.2, VMWare ESX Server 3.0.1, VMWare ESX Server 3.0, VMWare ESX Server 2.5.5 patch 9, VMWare ESX Server 2.5.5 patch 8, VMWare ESX Server 2.5.5 patch 6, VMWare ESX Server 2.5.5 patch 4, VMWare ESX Server 2.5.5 patch 2, VMWare ESX Server 2.5.5 patch 13, VMWare ESX Server 2.5.5 patch 12, VMWare ESX Server 2.5.5 patch 11, VMWare ESX Server 2.5.5 patch 10, VMWare ESX Server 2.5.5, VMWare ESX Server 2.5.4 patch 21, VMWare ESX Server 2.5.4 patch 19, VMWare ESX Server 2.5.4 Patch 17, VMWare ESX Server 2.5.4 Patch 16, VMWare ESX Server 2.5.4 patch 15, VMWare ESX Server 2.5.4 patch 13, VMWare ESX Server 2.5.4 Patch 1, VMWare ESX Server 2.5.4, VMWare ESX Server 2.5.4, VMWare ESX Server 2.5.4, VMWare ESX Server 2.5.4, VMWare ESX Server 2.5.3 Patch 4, VMWare ESX Server.

Bugtraq ID: 36097

A vulnerability in SuSE openSUSE 11.0, SuSE openSUSE 10.3, SuSE Linux 9, SuSE Linux 11, SuSE Linux 10.0, RedHat Fedora 11, RedHat Fedora 10, RedHat Enterprise Linux WS 4, RedHat Enterprise Linux WS 3, RedHat Enterprise Linux ES 4, RedHat Enterprise Linux ES 3, RedHat Enterprise Linux AS 4, RedHat Enterprise Linux AS 3, RedHat Enterprise Linux Desktop version 4, RedHat Desktop 3.0, Python Software Foundation Python 3.0.1, Python Software Foundation Python 2.6.2, Python Software Foundation Python 2.5.3, Python Software Foundation Python 2.5.2 r6, Python Software Foundation Python 2.5.2, Python Software Foundation Python 2.5.1, Python Software Foundation Python 2.4.5, Python Software Foundation Python 2.4.4 r14, Python Software Foundation Python 2.4.4, Python Software Foundation Python 2.4.3, Trustix Secure Linux 3.0.5, Python Software Foundation Python 2.4.2, Python Software Foundation Python 2.4.1, Python Software Foundation Python 2.4, Python Software Foundation Python 2.3.6, Python Software Foundation Python 2.3.5, Python Software Foundation Python 2.3.4, MandrakeSoft Linux Mandrake 10.1 x86_64, MandrakeSoft Linux Mandrake 10.1, S.u.S.E. Linux Personal 9.2 x86_64, S.u.S.E. Linux Personal 9.2, Ubuntu Ubuntu Linux 4.1 ppc, Ubuntu Ubuntu Linux 4.1 ia64, Ubuntu Ubuntu Linux 4.1 ia32, Python Software Foundation Python 2.3.3, MandrakeSoft Corporate Server 3.0 x86_64, MandrakeSoft Corporate Server 3.0, MandrakeSoft Linux Mandrake 10.0 AMD64, MandrakeSoft Linux Mandrake 10.0, MandrakeSoft Linux Mandrake 9.2 amd64, MandrakeSoft Linux Mandrake 9.2, S.u.S.E. Linux Personal 9.0 x86_64, S.u.S.E. Linux Personal 9.0, Python Software Foundation Python 2.3.2, Python Software Foundation Python 2.3.1, Python Software Foundation Python 2.3 b1, Python Software Foundation Python 2.3, S.u.S.E. Linux Personal 9.0 x86_64, S.u.S.E. Linux Personal 9.0, Python Software Foundation Python 2.2.3, Python Software Foundation Python 2.2.2, Python Software Foundation Python 2.2.1, Python Software Foundation Python 2.2 is present in the software, which allows an attacker to perform an input validation error.

Bugtraq ID: 35451

A vulnerability in Ubuntu Linux versions 9.04, 8.10, 8.04 LTS, and 6.06 LTS, as well as Sun Solaris versions 9_x86, 9, 8_x86, 8, 10_x86, 10, and OpenSolaris builds snv_98 to snv_36, allows local users to gain privileges via unspecified vectors.

Recent Exploits: