The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and POSSIBLY (yeah, sure;) gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions (CVE-2006-2451).
The $absolute_path variables are not properly sanitized. When register_globals=on, this can be exploited to include arbitrary files from remote resources.
The pollxt Mambo component has an input validation vulnerability because the $mosConfig_absolute_path variable is not sanitized. An attacker can use a dork to find vulnerable websites and then inject malicious code into the vulnerable application by passing it in the $mosConfig_absolute_path variable.
Sitemap 2.0.0 for Mambo 4.5.1 CMS is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the mosConfig_absolute_path parameter. This will allow the attacker to execute arbitrary code on the vulnerable system.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HTMLArea3 addon - ImageManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ImageManager component of the HTMLArea3 addon. The issue lies in the lack of proper validation of user-supplied input to the 'mosConfig_absolute_path' parameter of the 'config.inc.php' script. An attacker can leverage this vulnerability to execute arbitrary code under the context of the webserver.
A vulnerability exists in the com_hashcash component of Joomla! version 1.2.1, which allows an attacker to include a remote file via the 'mosConfig_absolute_path' parameter in the 'server.php' script.
perForms Joomla Component version 1.0 is vulnerable to Remote File Inclusion due to the variable $mosConfig_absolute_path not being sanitized. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to the victim. The URL will contain the malicious code which will be executed on the vulnerable system. The fix for this vulnerability is to add the code "defined('_VALID_MOS') or die('Direct access to this location is not allowed.');" before the vulnerable code.
A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can result in arbitrary remote code execution.
A remote file include vulnerability exists in ExtCalendar Mambo Module <= v2, which allows an attacker to include a remote file containing malicious code. This can be exploited to execute arbitrary PHP code by sending a specially crafted request to the vulnerable script.
A remote inclusion vulnerability was found in the file abbc.class.php of the Mambo component. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious value for the 'mosConfig_absolute_path' parameter.