Variables $baseDir are not properly sanitized. When register_globals=on and allow_fopenurl=on an attacker can exploit this vulnerability with a simple php injection script.
The vulnerability allows a remote attacker to perform actions in the context of an authorized user's session and gain unauthorized access to the affected application. The exploit involves submitting a form with hidden fields that perform certain actions.
The vulnerability allows an attacker to execute arbitrary code in the context of the user running the affected application by tricking them into viewing a page containing malicious content.
Microsoft DirectX is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to interrupt existing sessions or crash or freeze the application that uses DirectX, resulting in denial-of-service conditions.
SnowFlake CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Sourcefabric Campsite is vulnerable to HTML injection due to inadequate input sanitization. This vulnerability allows attackers to inject and execute arbitrary HTML and script code within the context of the affected browser. Exploiting this vulnerability could lead to the theft of cookie-based authentication credentials and control over the rendering of the site to the user.
This exploit allows an attacker to disclose files on the target system by exploiting the netForo 0.1g vulnerability. By manipulating the 'file_to_download' parameter in the 'down.php' script, an attacker can traverse the file system and access sensitive files such as the '/etc/passwd' file.
Yacs CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
The vulnerabilities in OpenLDAP allow remote attackers to execute arbitrary code or cause denial-of-service conditions. The specific exploit involves using the 'ldapmodrdn' command with specific parameters.
iOffice is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and the underlying server.
Services By CQR