This exploit allows an attacker to disclose files on the target system by exploiting the netForo 0.1g vulnerability. By manipulating the 'file_to_download' parameter in the 'down.php' script, an attacker can traverse the file system and access sensitive files such as the '/etc/passwd' file.
Yacs CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
The vulnerabilities in OpenLDAP allow remote attackers to execute arbitrary code or cause denial-of-service conditions. The specific exploit involves using the 'ldapmodrdn' command with specific parameters.
iOffice is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and the underlying server.
The MOJO IWMS application fails to properly sanitize user-supplied data, which can be exploited by an attacker to manipulate cookies and masquerade as another user. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.
An attacker can exploit this issue to crash the affected server, resulting in denial-of-service conditions.
The DOS Snort Inline exploit affects versions 2.6.1.1, 2.6.1.2, and 2.7.0(beta) of Snort Inline. It requires Frag3 to be enabled, Inline to be enabled, Linux as the operating system, and ip_conntrack to be disabled. The exploit triggers a segfault by supplying an offset that causes reassembly for different snort fragmentation reassembly policies. The first packet is hardcoded with a 70-74 offset.
Pligg is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Pixie is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage the issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
Gekko Web Builder is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.