A local denial of service vulnerability exists in MP3 Wav Editor 3.80. An attacker can create a specially crafted .mp3 file, which when added to a playlist and deleted, causes the application to crash.
A denial of service vulnerability exists in MyVideoConverter 2.15, which can be exploited by creating a specially crafted .vro file containing a null byte. When the file is added and the Start button is clicked, the application will crash.
jevoncms is vulnerable to both Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities. An attacker can exploit these vulnerabilities by sending a crafted HTTP request to the vulnerable application. The attacker can use the LFI vulnerability to read sensitive files from the server, while the RFI vulnerability can be used to execute malicious code on the server.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The request should contain a maliciously crafted parameter value that contains directory traversal characters (e.g. “../”) to access files outside of the web root folder. An example of such a request is http://localhost/index.php?option=com_bca-rss-syndicator&controller=../../../../../../../etc/passwd%00
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable Joomla component com_loginbox. The attacker can use the view parameter to inject malicious code and execute arbitrary files on the vulnerable system.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable Joomla component. The request should contain a malicious value in the ‘controller’ parameter, which can be used to include arbitrary files from the server.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The request should contain a malicious value in the ‘controller’ parameter of the vulnerable application. This will allow the attacker to read arbitrary files from the server.
JInventory is vulnerable to a Local File Inclusion vulnerability. This vulnerability allows an attacker to include a local file on the web server, which can lead to the disclosure of sensitive information. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'option' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters.
A SQL injection vulnerability exists in the Joomla component com_ranking. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database server.
Facil-CMS is vulnerable to Local File Inclusion (LFI) and Remote File Inclusion (RFI) attacks. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'modload' parameter of the 'index.php' and 'modules.php' scripts. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to include arbitrary files from the local system or a remote system, and execute arbitrary code on the vulnerable system.
Services By CQR