This exploit allows remote attackers to execute arbitrary files on the target system by including a malicious file through the admin_settings.php script in MTCMS <= 2.0. The vulnerability arises due to the lack of proper input sanitization, allowing an attacker to specify a remote file to be included and executed on the server.
LEADTOOLS Multimedia is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately check boundaries on data supplied to an ActiveX control method. An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.
VP-ASP Shopping Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Computer Associates BrightStor ARCserve Backup is prone to multiple denial-of-service vulnerabilities due to memory-corruption issues caused by errors in processing arguments passed to RPC procedures. A remote attacker may exploit these issues to crash the affected services, resulting in denial-of-service conditions.
An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, which may facilitate a compromise of the underlying system.
Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Attackers can exploit the input-validation vulnerability in Jetbox CMS to send spam emails in the context of the application.
The vulnerability allows attackers to bypass protection mechanisms implemented by personal firewall products. It occurs due to the improper implementation of protection mechanisms based on valid process identifiers. By exploiting this vulnerability, local attackers can bypass protection mechanisms and gain elevated privileges, allowing them to execute arbitrary code. Other attacks may also be possible.
Caucho Resin is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data. Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.