The TVUPlayer ActiveX control in TVUPlayer 2.4.9beta1 allows attackers to overwrite arbitrary local files on the victim's computer through a crafted XML package. This vulnerability can be exploited in the context of the vulnerable application, typically Internet Explorer, using the ActiveX control.
The VMware View application fails to properly sanitize user-supplied data, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially allowing the attacker to steal authentication credentials and launch further attacks.
This exploit takes advantage of a reference counter overflow vulnerability in PHP 4. By creating a string with the same size as a Hashtable and creating a large number of references to it, the reference counter overflows and the string gets freed. Then, by freeing more zvals and creating a new array with a specific key, the exploit gains access to the Hashtable's content and can execute code in the shellcode.
ShopEx Single is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Sterlite SAM300 AX Router is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The TYPO3 't3m_cumulus_tagcloud' extension is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
The Rbot application fails to sanitize user supplied data, allowing an attacker to gain administrative rights and execute Ruby code within the context of the application.
ThinkPHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
This exploit allows an attacker to execute arbitrary commands on a vulnerable phpmyfaq version. The vulnerability exists in the attachment.php file, which does not properly sanitize user input before executing commands. By uploading a malicious PHP file and making a specific POST request to the attachment.php file, an attacker can execute arbitrary commands on the server. The exploit also includes a proxy option for anonymity.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.