The first vulnerability is multiple SQL injection vulnerabilities in bloofoxCMS V0.5.0. The second vulnerability is a Cross Site Request Forgery (CSRF) vulnerability.
Opera is vulnerable in parsing the JPEG file format. Discovered were four vulnerabilities, each in different segments of the file format. The two important ones are ntdll.RtlAllocateHeap() DHT vulnerability and ntdll.RtlAllocateHeap() SOS vulnerability. Opera Mini for mobile phones could also be vulnerable.
The magic photo storage website is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability by injecting a malicious payload in the _config[site_path] parameter of the common_function.php file. This allows the attacker to include arbitrary remote files, potentially leading to remote code execution or sensitive data disclosure.
This exploit targets Cdrecord version 2.0 and lower. It allows an attacker to gain root privileges on the system.
This module exploits a format string vulnerability in the Berlios GPSD server. This vulnerability was discovered by Kevin Finisterre.
The GNU Compact Disc Input and Control Library ('libcdio') is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. The issues occur when the 'cd-info' and 'iso-info' programs handle specially crafted ISO files. Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.
eTicket is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The exploit code causes a memory corruption vulnerability by generating a long string and using the '%n' format specifier in the alert function. This can lead to arbitrary code execution or denial of service.
The Georgia SoftWorks Secure Shell Server is prone to multiple remote code-execution vulnerabilities. These include a format-string vulnerability and two buffer-overflow vulnerabilities. Successful exploitation of these vulnerabilities allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, leading to the complete compromise of affected computers.
The AllMyVisitors 0.4.0 software is vulnerable to file inclusion. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system.