A vulnerability exists in Zoom Portfolio, a Joomla Portfolio Component, which allows remote attackers to inject arbitrary SQL commands via the id parameter in a view=portfolio action to index.php.
It was found that LINK CMS does not properly validate the value of the "IDStranicaPodaci" parameter. Input validation of the "IDStranicaPodaci" parameter should be corrected.
anecms is an open source blog manager vulnerable to SQL injection. An attacker can exploit this vulnerability by setting the POST variable username to 'Sweet'" on http://vulnerable.com/register/next and then registering with the credentials provided in the proof of concept.
Ananta_Gazelle is vulnerable to Local File Inclusion and XSS attacks. An attacker can exploit this vulnerability to gain access to sensitive information or execute malicious code on the vulnerable system.
Abyssal Metal Player is a media file player that plays many media file types, such as .mp3, .avi, .mov, .mpg and .wav. The vulnerability is in playback of the AVI file format. An attacker can create a malicious AVI file containing a large amount of data; when the user opens the file in the player, the application crashes and the user cannot use the system until it is restarted.
A remote file inclusion vulnerability exists in 4images 1.7.8 which allows an attacker to include a malicious file from a remote server. The vulnerability is present in the 'global.php' file, where user input is not properly sanitized before being used to include a file. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an arbitrary file from a remote server.
This exploit is for Tplayer V1R10. It creates two files, crash.mp3 and crash2.mp3, which contain junk data of length 50000. When both of these files are loaded in the player and the Automix button is clicked, the player crashes.
netStartEnterprise v4.0 is vulnerable to a SQL injection attack. An attacker can inject malicious SQL code into the 'id' parameter of the 'previeweventdetail.aspx' page, which can be used to access and modify the underlying database.
A SQL injection vulnerability exists in Joomla Component (com_Fabrik) which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'tableid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable system. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information, modification of data, and other malicious activities.
The Microsoft Windows operating system is prone to a local DoS caused by interrupting the function IcmpSendEcho2Ex. The IP address argument should be a nonexistent IP address on the network, so that the function waits longer.