A denial of service vulnerability exists in VLC (libav) libavcodec_plugin.dll when attempting to read from 0x00000010. This can be triggered by a specially crafted .ape file, which when opened in VLC 1.1.11, causes an access violation and a crash.
Docebo LMS 2.05 is vulnerable to Remote File Inclusion. The vulnerable files are doceboLMS205/modules/credits/business.php, doceboLMS205/modules/credits/credits.php and doceboLMS205/modules/credits/help.php. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains a malicious script which will be executed on the vulnerable application.
This exploit is a directory traversal vulnerability in Windows 2008 SP2 RC2 and Windows 7 Pro SP1. It allows an attacker to delete files and directories outside of the intended directory. The exploit is triggered by creating a directory named 'trigger_alt' and a subdirectory named '....' in the root directory. Then, the attacker can use the SHFileOperation function to delete the directory and its contents.
This exploit is a buffer overflow vulnerability in Windows Media Player 11.0.5721.5262 on Windows XP SP3 x86 and Windows 7 SP2 x64. It allows an attacker to execute arbitrary code by sending a specially crafted packet to the Windows Media Player service.
V-webmail is a powerful PHP based webmail application with an abundance of features, including many innovative ideas for web applications. The vulnerability exists in the v-webmail/includes/pear/*/*.php and v-webmail/includes/mailaccess/pop3.php files, which allow an attacker to include a remote file by manipulating the CONFIG[pear_dir] parameter. Versions 1.3, 1.5 and 1.6.4 are vulnerable.
Socketmail is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation.
A remote file include vulnerability exists in BE_config.php Line 27-31, which allows an attacker to include a remote file by passing the _PSL[classdir] parameter in the URL.
This vulnerability, due to a weak filter, lets you download any unprotected remote content, under PDF format. The exploit may not work, depending on the set up htaccess/chmod rules on the remote server.
A remote file include vulnerability exists in the 404.php file of the open-medium Content Management System. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server, containing a malicious file in the REDSYS[MYPATH][TEMPLATES] parameter. This can allow the attacker to execute arbitrary code on the vulnerable server.
SantriaCMS is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'idArtikel' parameter in the 'view.php' script. This can be exploited to bypass authentication, access, modify and delete data in the back-end database.
Services By CQR