The vulnerability occurs when a Java-enabled browser is used to view a malicious website while QuickTime is installed. Attackers can exploit this vulnerability to execute arbitrary code in the context of the user running QuickTime, potentially leading to remote compromise of the affected computer. Failed exploit attempts may result in denial-of-service conditions. The vulnerability can be exploited through Safari and Mozilla Firefox on Mac OS X, and there are reports suggesting that Firefox on Windows platforms may also be an exploit vector. Reports also mention that Internet Explorer 6 and 7 on Windows XP may be an exploit vector, but this has not been confirmed.
acvsws_php5 is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
An SQL-injection vulnerability exists in phpMySpace Gold 8.10, allowing attackers to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The File117 application fails to properly sanitize user-supplied data, leading to multiple remote file inclusion vulnerabilities. An attacker can exploit these vulnerabilities by injecting malicious code through user-controlled parameters in the 'relPath' and 'folder' parameters of the 'detail.php' script. Successful exploitation can lead to compromise of the application and the underlying system, allowing the attacker to execute arbitrary code or perform other malicious activities.
PHPMyBibli is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Allfaclassifieds is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This exploit allows an attacker to perform cross-site scripting and SQL injection attacks in Ripe Website Manager version 0.8.4 and below. The exploit was discovered by John Martinelli.
PHP Turbulence is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
FreePBX is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content. Attacker-supplied HTML and script code may be executed in the context of the affected web application, potentially allowing the attacker to steal cookie-based authentication credentials, control how the web application is displayed to the user, or manipulate the underlying PBX application; other attacks are also possible.
Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.
Services By CQR