A vulnerability exists in the Joomla Component com_jequoteform which allows an attacker to perform a Local File Inclusion (LFI) attack. The vulnerability is triggered when an attacker sends a specially crafted HTTP request to the vulnerable application. This request contains a maliciously crafted parameter which is used to include a malicious file from the server. The malicious file can be used to gain access to sensitive information or execute arbitrary code on the server.
Input passed via the 'idprod', 'idpadrerif', 'idreferenza' and 'idpadrerifIstituzionali' parameters is not properly sanitised before being used in a SQL query. Input validation of these parameters should be corrected.
The vulnerability exists in the DoWebMenuAction method of the ImShExtU.dll ActiveX control, which is included in IncrediMail. By supplying a long string of 'A' characters to the DoWebMenuAction method, an attacker can overwrite the SEH chain and execute arbitrary code.
This exploit targets a buffer overflow vulnerability in the RETR command of TYPSoft FTP Server. It allows an attacker to cause a denial of service by sending a large amount of data to the server. The exploit does not require a PORT command to be specified.
This exploit is a denial of service attack against SmallFTPD FTP Server version 1.0.3. It sends a malicious DELE command with a buffer of 496 A characters, which causes the server to crash.
This vulnerability is caused by an infinite loop in the code which can cause the browser to crash or freeze. The code in the example creates an infinite loop by continuously adding the same string to itself and writing it to the document.
JE Job Component is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by sending a crafted URL to the application. For example, index.php?option=com_jejob&view=../../../../../../etc/passwd%00
JE Ajax Event Calendar is vulnerable to a Local File Inclusion vulnerability. This vulnerability allows an attacker to include a file from the local file system of the web server. An attacker can exploit this vulnerability by sending a specially crafted request to the web server. This vulnerability can be exploited by an unauthenticated attacker.
Dione Form Wizard is a Joomla! component that allows website administrators to create web forms easily through a simple drag-and-drop editor. A vulnerability exists in this component: an attacker can exploit it to gain access to sensitive information by sending a specially crafted HTTP request containing an LFI payload. This payload can be sent to the vulnerable application via the ‘option’ and ‘controller’ parameters in the URL.
A vulnerability exists in com_sebercart version 1.0.0.1x, which allows an attacker to download the image.jpg file and open it with notepad or gedit by sending a specially crafted HTTP request to the vulnerable server. The vulnerable file is components/com_sebercart/getPic.php.