A BitDefender Antivirus 2008 ActiveX control is prone to a double-free vulnerability because of a flaw in the way that the 'bdelev.dll' library handles certain object data prior to returning it. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Thomson SpeedTouch 716 is prone to a cross-site scripting vulnerability because the device fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the context of the webserver process.
This is the second exploit for MOAB-05-01-2007. It uses crontab and is simpler than the first exploit. It works effectively.
Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These include multiple cross-site scripting vulnerabilities, multiple HTML-injection vulnerabilities, and an SQL-injection vulnerability. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
The Roundcube Webmail application is prone to an input-validation vulnerability that allows attackers to execute arbitrary script code in the browser of an unsuspecting user. This can lead to the theft of cookie-based authentication credentials and other possible attacks.
Falcon Series One is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include a remote file-include vulnerability and multiple HTML-injection vulnerabilities. Exploiting these issues can allow attacker-supplied HTML or script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This is a Ruby exploit that overwrites a target binary with a shell path and sets rogue permissions. It is used to gain unauthorized access to a system.
The DomPHP script version 0.83 is vulnerable to a local directory traversal attack. An attacker can exploit this vulnerability by providing a crafted URL to the 'url' parameter in the 'index.php' script of the photoalbum module. By manipulating the 'url' parameter, an attacker can navigate to arbitrary directories on the server and access sensitive files.