This vulnerability in Oracle WebLogic Server can be exploited over the HTTP protocol. The attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges for the exploit to succeed. By sending specially crafted requests, an attacker can execute arbitrary code on the affected server.
A local attacker can exploit this issue to overwrite arbitrary files with the privileges of the affected process. This will likely result in denial-of-service conditions; other attacks may also be possible.
Oracle Business Process Management is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.
This is a proof of concept exploit for the crack_opendict() function in PHP 4.4.6. It demonstrates a local buffer overflow vulnerability, using the win2k sp3 version with the SEH overwrite method. The exploit is designed to be launched from the command line.
Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
Two command injection vulnerabilities have been discovered in the official Easy FTP Pro v4.2 iOS mobile application. The vulnerabilities allow remote attackers to inject their own commands by exploiting misconfigured stored system/device values to compromise the application.
The application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching further attacks.
Attackers can exploit these vulnerabilities to steal authentication credentials, gain unauthorized access, bypass security restrictions, disclose sensitive information, or cause denial-of-service conditions.
The Antz toolkit module for CMS Made Simple is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in the context of an affected site.