The vulnerability exists due to failure in the "/index.php" scripts to properly sanitize user-supplied input in "icq", "occupation", "from", "interest", "viewemail", "user_sorttopics" and "language" variables. Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
The vulnerability exists due to failure in the "/module/log/vislog.php" & "/module/forum/main.php" & "/module/forum/forum.php" scripts to properly sanitize user-supplied input, it's possible to create/read any file and include any remote file if register_globals = On.
HtaEdit v 3.2.3.0 is vulnerable to a buffer overflow vulnerability when a maliciously crafted .hta file is opened. This can be exploited to execute arbitrary code by tricking a user into opening a specially crafted .hta file.
Input passed to the "loader_file" parameter in includes/initsystem.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. Successful exploitation requires that register_globals is set to On.
A buffer overflow vulnerability exists in Crystal Reports Viewer v8.0.0.371 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a large string of data to the SearchByFormula function, resulting in a buffer overflow and potentially allowing arbitrary code execution.
The avipbb.sys kernel driver distributed with Avira Premium Security Suite contains a race condition vulnerability in the handling paramaters of NtCreatekey function. Exploitation of this issue allows an attacker to crash system(make infamous BSoD) or gain escalated priviliges. An attacker would need local access to a vulnerable computer to exploit this vulnerability.
Minishare 1.5.5 is vulnerable to a buffer overflow vulnerability due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request containing an overly long string of data to the vulnerable application. This can result in arbitrary code execution in the context of the application.
A SQL injection vulnerability exists in digiSHOP 2.0.2 which allows an attacker to execute arbitrary SQL commands on the vulnerable system. By sending a specially crafted HTTP request to the vulnerable application, an attacker can execute arbitrary SQL commands on the underlying database. This can be used to bypass authentication, access, modify and delete data within the database.
eLouai's Force Download of media files script is vulnerable to path traversal, which allows an attacker to access arbitrary files and directories stored on the web server. By manipulating the 'file' parameter in a malicious manner, an attacker can traverse the file system to access sensitive files and directories.
A buffer overflow vulnerability exists in Minishare 1.4.0 - 1.5.5, which allows an attacker to execute arbitrary code by sending a specially crafted request containing a malicious payload. The payload is written to a file called 'users.txt' and placed in the Minishare directory. When the program is run, the malicious payload is executed.
Services By CQR