Wordpress allows authorised users to add an attachment to a blog post. It does not sanitize provided file properly before moving it to an uploads directory. An attacker can upload a malicious PHP file with a double extension (e.g. file.php.jpg) and execute arbitrary code on the server.
This exploit allows an attacker to steal e-mail from a different domain by using an XSL stylesheet to inject a malicious script into the page. The script then alerts the attacker with the contents of the page, which includes the e-mail from the other domain.
Multiple vulnerabilities has been found which a allow an attacker to conduct various XSS and CSRF attack, and other attacks due to the use of an old an not hardened version of the web server.
Quick Heal installs the own program files with insecure permissions (Everyone: Full Control). Local attacker (unprivileged user) can replace some files (for example, executable files of Quick Heal services) by malicious file and execute arbitrary code with SYSTEM privileges.
There is a full path disclosure vulnerability concerning the preg_match() php function which allow attackers to gather the real path of the server side script. The preg_match() PHP function takes strings as parameters and will raise warnings when values that are passed are arrays rather then strings. To get the path of the current script, you simply need to pass the arguments as arrays rather then expected strings and then simply read the warning message generated by PHP to see the error including the full path of the current running script.
Full Path Disclosure allows attackers to gather the real path of the server side script. Proof of concept: http://www.[xxxxx].com/path/index.php?page=new_topic&index=1&id=union and http://www.[xxxx].com/[path]/index.php?page=search&start=1&keyword=§ion=all&search=1
The Palm Pre WebOS <=1.1 suffers from a JavaScript injection attack that allows a malicious attacker to access any file on the mobile device. A specially crafted email can access any file on the Palm Pre WebOS version <=1.1 mobile device and send it to a web site of the attacker's choice just by viewing the email. The Palm Pre WebOS 1.1 and lower will parse and execute JavaScript contained in an email it receives. Exploiting this vulnerability allows an attacker to read/extract any file and post it to a remote website the attacker controls.
This exploit is a proof of concept for a local denial of service vulnerability in VMware Fusion versions 2.0.4 and 2.0.5. The exploit is triggered by sending a malicious ioctl request to the /dev/vmmon device. This causes the kernel to panic and the system to crash.
OpenLDAP is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny service to legitimate users. Attackers use readily available LDAP commands to exploit this issue.
This exploit requires the driver to be 'un-initialised', that is, you need to hit it _before_ VMware Fusion is first used! (or, just use another bug to panic the box first ;))