A remote file inclusion vulnerability exists in Barman 0.0.1r3. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The vulnerability is due to the 'basepath' parameter in the 'interface.php' script not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a malicious URL to a legitimate user of the application. The malicious URL contains a specially crafted 'basepath' parameter with a malicious file path. This can allow the attacker to execute arbitrary code on the vulnerable system.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'mx_root_path' parameter to the 'modules/mx_act/include/constants/act_constants.php' script. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.
fipsShop is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
mxBB Module mx_errordocs 1.0 is vulnerable to a remote file include vulnerability. The vulnerable code is present in the common.php file. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the module_root_path parameter. This will allow the attacker to execute arbitrary code on the vulnerable system.
Golden FTP server 1.92 (freeware edition) is vulnerable to a heap-based buffer overflow when sending an overly long USER/PASS string. This can be exploited to execute arbitrary code by overwriting a structured exception handler (SEH) with a malicious payload.
ARP FLOODER v0.1 is a denial of service exploit designed to crash D-LINK DWL-2000AP+ routers. It was created by poplix@papuasia.org in 2006-12-04. The exploit is written in C and can be compiled with gcc arpflood.c -o arpflood.
A vulnerability exists in Filezilla FTP Server 0.9.20 beta / 0.9.21 which allows an attacker to cause a denial of service by sending a specially crafted LIST, NLST or NLST -al command. This can be exploited by an authenticated user with only read and list permissions enabled.
eHome is prone to multiple input-validation vulnerabilities, including cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
This vulnerability affects multiple antivirus vendors and allows attackers to cause a denial of service (DoS) condition by sending a specially crafted RAR file. The vulnerability is caused due to an error in the processing of RAR files, which can be exploited to cause a stack-based buffer overflow by sending a specially crafted RAR file. Successful exploitation may allow execution of arbitrary code, but is limited to denial of service attacks.
This vulnerability is related to the CHM (Compiled HTML Help) file format. It is caused by a boundary error in the processing of the CHM chunk name length. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted CHM file. Successful exploitation may allow execution of arbitrary code.
Services By CQR