basicFramework is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
CodeWidgets Web Based Alpha Tabbed Address Book is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Attackers can upload and download arbitrary files and execute arbitrary code within the context of the webserver process by exploiting the vulnerabilities in GHBoard.
The GHBoard application is prone to multiple vulnerabilities that allow attackers to upload and download arbitrary files and execute arbitrary code within the context of the webserver process. The vulnerabilities can be exploited by sending a crafted HTTP request to the affected server. Specifically, the 'download.jsp' script does not properly validate user-supplied input in the 'name' parameter, allowing for directory traversal attacks and arbitrary file downloads. This can lead to unauthorized access to sensitive information or remote code execution depending on the file accessed. This vulnerability is assigned multiple CVE identifiers: CVE-2007-6472, CVE-2007-6473.
Japanese PHP Gallery Hosting is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Jeebles Directory is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to execute local scripts or to view arbitrary files that may contain sensitive information that can aid in further attacks.
DMCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This exploit creates a malicious .m3u file that causes VLC Player for OSX to execute arbitrary code. It uses a bind shell to achieve this.
This exploit is for the rlprd buffer overflow vulnerability. It allows an attacker to execute arbitrary code on a target system. The exploit consists of two stages. The first stage reads shellcode from memory and jumps to it. The second stage performs privilege escalation and executes a shell command.
Hackish is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Services By CQR
