A local file inclusion vulnerability exists in the Joomla Component J!WHMCS Integrator version 1.5.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable server. This can allow the attacker to read arbitrary files on the server.
A local file inclusion vulnerability exists in com_sebercart version 1.0.0.12, which allows an attacker to include a file from the local system. This can be exploited to disclose sensitive information or execute arbitrary code by including malicious files from the local system.
Jzip v1.3 contains a buffer overflow caused by improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by crafting a malicious .zip file with a specially crafted file name, which can lead to arbitrary code execution. This vulnerability was discovered by mr_me and was disclosed in an advisory by Corelan Security Team in 2010.
Foxit Reader is prone to a denial-of-service vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to open a specially crafted PDF file. This will cause the application to crash, denying service to legitimate users.
Microsoft Office 2010 Communicator allows a remote attacker to cause a denial of service (memory consumption) via a large number of SIP INVITE requests.
A vulnerability exists in Freestyle FAQ Lite Component 1.3 (faqid) which allows an attacker to inject arbitrary SQL commands via the faqid parameter in the URL. An attacker can exploit this vulnerability to gain access to sensitive information from the database.
A local file inclusion vulnerability exists in com_news_portal version 1.5.x. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.
This exploit allows an attacker to gain access to the admin account of the ilchClan <= 1.0.5 script by exploiting a SQL Injection vulnerability. The exploit is achieved by sending a crafted HTTP request to the vulnerable script, which then returns the admin account credentials in the response.
This exploit allows an attacker to upload malicious shell code to the vulnerable LionWiki 3.X application. The attacker can use the dork 'powered by LionWiki' to find vulnerable websites and then use the URL http://victim/path/index.php?action=upload or http://victim.com/path/?action=upload to upload the malicious shell code. However, if the admin has created a password, the attacker will not be able to upload the shell code.
A buffer overflow vulnerability exists in Portable AVS DVD Authoring v1.3.3.51, which could allow an attacker to execute arbitrary code on the target system. The vulnerability is due to insufficient boundary checks when handling user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request containing an overly long string to the vulnerable application. This can result in a buffer overflow, which can be used to execute arbitrary code on the target system.