Explore Vulnerabilities

Explore all Exploits:

Microsoft Windows MessageBoxA() Local Privilege Escalation Vulnerability

A vulnerability exists in the Microsoft Windows MessageBoxA() function that allows a local user to gain elevated privileges on the system. It is caused by an error in how MessageBoxA() handles certain parameters.

RealPlayer 10.5 rpau3260.dll Internet Explorer Denial of Service

This exploit causes a denial of service in Internet Explorer when a maliciously crafted web page is opened. The page contains an object tag with a classid of 'clsid:405DE7C0-E7DD-11D2-92C5-00C0F01F77C1' and an id of 'RealPlayer'. The page then calls the Initialize method of the RealPlayer object, causing Internet Explorer to crash.

TextSend <= 1.5 (config/sender.php) Remote File Include Vulnerability

TextSend config/sender.php does not initialize the $ROOT_PATH variable before using it to include files. Assuming register_globals = on, we can initialize the variable in a query string and include a remote file of our choice.

Valdersoft Shopping Cart v3.0 (E-Commerce Software) [commonIncludePath] Remote File Include

Valdersoft Shopping Cart v3.0 (E-Commerce Software) is vulnerable to a remote file include vulnerability due to the use of an unsecured parameter, commonIncludePath, in the common.php file. An attacker can exploit this vulnerability by sending a malicious URL in the commonIncludePath parameter. This will allow the attacker to include a remote file containing malicious code on the vulnerable server.

Burak Yılmaz Download Portal

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the '/ScriptPath/down.asp' script. A remote attacker can send a specially crafted request with malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in the application's database. This can allow the attacker to access or modify sensitive data in the database, compromise the vulnerable system and launch further attacks.

Hewlett-Packard FTP Print Server Version 2.4.5 Buffer Overflow (POC)

This exploit is a proof of concept for a buffer overflow vulnerability in Hewlett-Packard FTP Print Server Version 2.4.5. The vulnerability is triggered when a malicious user sends a specially crafted LIST command with a buffer of 3000 bytes or more. This causes the server to crash and the connection to be dropped.

Raptor Orafile

This is an example file system access suite for Oracle based on the utl_file package. It allows for remotely reading/writing OS files with the privileges of the RDBMS user, without the need for any special privileges (CONNECT and RESOURCE roles are more than enough). The database must be configured with a non-NULL utl_file_dir value (preferably '*').

cwmVote 1.0 File Include Vulnerability

cwmVote 1.0 is vulnerable to a file include vulnerability. The 'abs' parameter in the 'archive.php' script is not properly sanitized before being used to include files. This can be exploited to include arbitrary files from remote hosts by passing a URL as the 'abs' parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the php.ini file.

phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities

phpProfiles has several scripts which do not initialize variables before using them to include files. Assuming register_globals = on, we can initialize any one of the variables in a query string and include a remote file of our choice.

Recent Exploits: