Paristemi music/buycd.php fails to initialize the $HTTP_DOCUMENT_ROOT variable before using it to include files. Assuming register_globals = on, we can initialize the variable in a query string and include a remote file of our choice.
KDE 3.5 and earlier versions are vulnerable to an unhandled HTML parse exception. This vulnerability is caused by an error in the 'DOM::Node::nodeType()' function in the 'libkhtml.so.4' library when handling HTML tags with a range attribute. This can be exploited to cause a denial of service via a specially crafted HTML page.
A buffer overflow vulnerability exists in WinFtp Server Version 2.0.2 when a malicious user sends a specially crafted PASV command with an overly long string, resulting in a denial of service condition.
The Intel wireless mini-PCI driver provided with Intel 2200BG cards is vulnerable to a remote race condition memory corruption flaw. Malformed beacon frames can be used to corrupt internal kernel structures, leading to arbitrary code execution. This vulnerability is triggered when flooding the Wi-Fi card with many malformed beacon frames. The data is copied over internal kernel structures, resulting in memory operations being performed on attacker-controlled pointer values, like EIP values.
A vulnerability in wget version 1.10.2 and earlier allows an attacker to cause a denial of service (DoS) by sending a specially crafted FTP response. The vulnerability is due to an unchecked boundary condition when processing FTP responses. An attacker can exploit this vulnerability by sending a specially crafted FTP response to a vulnerable wget instance. Successful exploitation of this vulnerability will cause the wget instance to crash.
A remote SQL injection vulnerability exists in uploader&downloader v3. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.
VerliAdmin 0.3 is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Azucar CMS admin/index_sitios.php uses the include function insecurely on the $_GET[_VIEW] parameter passed to the script; a remote file can be specified and executed on the server.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'module_root_path' parameter in 'charts_constants.php' script. A remote attacker can include arbitrary files from local resources and execute arbitrary PHP code on the vulnerable system.
The vulnerability exists due to the improper validation of user-supplied input in the 'mx_root_path' parameter in the '/modules/mx_links/language/lang_english/lang_admin.php' script. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by passing a malicious URL in the 'mx_root_path' parameter.