The AutartiTarot component for Joomla! is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
This module exploits a remote command execution vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.2.0. The bug is found in the REST API, which requires no authentication or authorization, where the search function allows dynamic scripts execution, and can be used for remote attackers to execute arbitrary Java code. This module has been tested successfully on ElasticSearch 1.1.1 on Ubuntu Server 12.04 and Windows XP SP3.
The 'com_gambling' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The vulnerability allows an attacker to remotely trigger a denial-of-service condition in IBM DB2 by sending a specific sequence of bytes. This causes the application to crash, resulting in a denial of service for legitimate users.
The 'com_rsgallery2' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Attackers can exploit this issue to deny service to legitimate users.
The Comtrend CT-507 IT device's web interface does not properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially allowing the attacker to steal authentication credentials and launch further attacks.
This exploit allows an unprivileged user to grant or revoke dba permission on an Oracle database. It uses the KUPW$WORKER.MAIN function to execute arbitrary SQL statements.
The Ingres Database is prone to a heap-based buffer-overflow vulnerability due to inadequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with the privileges of the application or crash the affected application.
A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in the complete compromise of the affected computer.