Windows FTP Server by DWG Software is vulnerable to authentication-bypass that will allow attackers to connect with any username and password. This give attackers full access to the Top Level directory of the ftp server.
A local file inclusion vulnerability exists in com_powermail version 1.5.3. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to include arbitrary local files on the system, which may contain sensitive information.
Java Web Start (jws) provides java developers with a way to let users launch and install their applications using a URL to a Java Networking Launching Protocol (.jnlp) file. Since Java 6 Update 10, Sun has distributed an NPAPI plugin and ActiveX control called 'Java Deployment Toolkit' to provide developers with a simpler method of distributing their applications to end users. This toolkit is installed by default with the JRE and marked safe for scripting. The launch() method provided by the toolkit object accepts a URL string, which it passes to the registered handler for JNLP files, which by default is the javaws utility. The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws utility, which provides enough functionality via command line arguments to allow this error to be exploited.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'read' of the 'eventi.php' script. The crafted query will allow the attacker to extract sensitive information from the database.
A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration and critical system files, limited by system operational access control. The attacker uses “../” sequences to move up to root directory, thus permitting navigation through the file system. An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Insufficent Access Control can lead to bypassing of 403 (Forbidden) errors.
A vulnerability in the Joomla Component AWDwall-Joomla allows an attacker to perform a Local File Inclusion (LFI) and a SQL Injection (SQLi) attack. The vulnerability exists in the com_awdwall version 1.5.4, which is vulnerable to an LFI attack when the ‘controller’ parameter is manipulated. Additionally, the ‘cbuser’ parameter is vulnerable to a SQLi attack when the ‘view’ parameter is set to ‘awdwall’ and the ‘Itemid’ parameter is set to ‘1’.
A Local File Inclusion (LFI) vulnerability exists in the com_realtyna version 1.0.15 component for Joomla. An attacker can exploit this vulnerability to include arbitrary files from the web server, which can lead to the disclosure of sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'controller' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request containing directory traversal characters (e.g. '../') to the vulnerable script. Successful exploitation of this vulnerability can result in the disclosure of sensitive information.
A local file inclusion vulnerability exists in the com_webeecomment version 2.0 component for Joomla. An attacker can exploit this vulnerability to include arbitrary files from the local system, which can lead to the disclosure of sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'controller' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable script. This can allow the attacker to include arbitrary files from the local system.
The issue in __lgto_svcauth_unix() is a signedness error, where if a user-supplied size is given, it can cause a stack overflow.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'sid' of the 'com_articles' component. The query will be executed in the backend database, allowing the attacker to access sensitive information such as usernames and passwords.
Services By CQR