A local file inclusion vulnerability exists in phpMyAdmin 2.6.4-pl1. An attacker can exploit this vulnerability to include arbitrary files from the local system, which can lead to remote code execution. The vulnerability is due to insufficient sanitization of user-supplied input to the 'usesubform[1]' and 'usesubform[2]' parameters in the 'grab_globals.lib.php' script.
Cyphor 0.19 (possibly prior versions) is vulnerable to SQL injection and board takeover. This exploit requires the attacker to make changes in php.ini such as allow_call_time_pass_reference = on and register_globals = on. The attacker can then launch the script from Apache, fill the requested fields, and send themselves any user/admin password.
Utopia News Pro 1.1.3 (possibly prior versions) is vulnerable to SQL Injection which allows an attacker to gain administrative credentials.
Virtools is prone to a buffer-overflow and directory traversal vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application or to access sensitive information. Successful exploits may allow attackers to gain unauthorized access.
A buffer overflow vulnerability was found in Prozilla while auditing for Gentoo bug #70090. The vulnerability allows an attacker to execute arbitrary code by overflowing a buffer with a specially crafted payload.
Georgi Guninski discovered a buffer overflow in Microsoft Internet Explorer. The vulnerability is caused due to an error in the handling of overly long escape() strings. This can be exploited to cause a stack-based buffer overflow via a malicious web page.
There is a remotly exploitable format string vulnerability in the latest Helix Media Player suit that will allow an attacker the possibility to execute malicious code on a victims computer. The exploit code will execute a remote shell under the permissions of the user running the media player, and effects all versions of RealPlayer and Helix Player. The bug is exploitable by abusing media, including .rp (relpix)and .rt (realtext) file formats.
This exploit takes advantage of a vulnerability in the Qpopper poppassd service on FreeBSD 5.4-RELEASE. It creates a malicious shared library and sets it in the /etc/libmap.conf file, which is then used by the poppassd service to gain root privileges.
This exploit is a local privilege escalation vulnerability in the Linux Qpopper poppassd service. It allows a local user to gain root privileges by exploiting a flaw in the poppassd service. The exploit works by creating a shared library file with a malicious _init() function, which is then loaded by the poppassd service. This malicious library file then executes a setuid shell, which gives the user root privileges.
My Little Forum 1.5 (possibly prior versions) SQL Injection / MD5 password hash disclosure poc exploit with proxy support. This exploit allows an attacker to dump all password hashes from the database.