A buffer overflow vulnerability exists in Autodesk MapGuide Viewer ActiveX (MGAXCTRL.DLL) when handling a specially crafted Property Let LayersViewWidth As Long request. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.
Attackers can use this issue to gain access to restricted files, potentially obtaining sensitive information that may aid in further attacks. It can help an attacker bypass restrictions such as mod_security, Safemod and disable functions.
A vulnerability exists in apps dompdf, which allows a remote attacker to include a file from a remote location, due to insufficient sanitization of user-supplied input to the 'input_file' parameter. An attacker can exploit this vulnerability to include a malicious file from a remote location and execute arbitrary code on the vulnerable system.
mBlogger v1.0.04 contains a SQL injection vulnerability caused by improper sanitization of user-supplied input in the 'postID' parameter of the 'viewpost.php' script. An attacker can exploit this vulnerability to extract sensitive information from the database, such as usernames and passwords.
Input passed via the "page" parameter to index.php is not properly sanitised before being used in a SQL query. Input passed to the "ps_session" cookie parameter is not properly sanitised before being used in a SQL query.
A vulnerability exists in JE FAQ Pro version 1.5.0 which allows an attacker to inject malicious SQL queries via the 'catid' parameter in the 'index.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation could result in the disclosure of sensitive information from the database.
A vulnerability in the Joomla component Picsell allows an attacker to disclose sensitive files from the server. By manipulating the 'dflink' parameter in the 'task=dwnfree' request, an attacker can access arbitrary files on the server. This vulnerability affects versions prior to 1.0.2.
A buffer overflow vulnerability exists in the QuickTime Plugin for Internet Explorer due to improper bounds checking of user-supplied data. An attacker can exploit this vulnerability by enticing a victim into visiting a specially crafted webpage. The attacker's payload will be executed under the context of the browser.
Seagull is a web application framework written in PHP. A remote file inclusion vulnerability exists in Seagull version 0.6.7. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.