The vulnerability allows an attacker to include a remote file in the aggregator.php and controller.php scripts. By manipulating the 'zf_path' parameter, an attacker can execute arbitrary code on the server.
The Fritz!Box networking/voice over IP router produced by AVM is vulnerable to unauthenticated remote command execution. An attacker can exploit this vulnerability by sending a crafted request to the router's web interface, allowing them to execute arbitrary commands on the device.
Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. By default, anonymous and authenticated users have access to only one input format. Immediate workarounds include: disabling the comment module, revoking the 'post comments' permission for all users or limiting access to one input format.
Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. By default, anonymous and authenticated users have access to only one input format.
Jupiter CMS version 1.1.5 is affected by a file upload vulnerability. An attacker can upload a malicious PHP file by exploiting the emoticons.php module. This allows the attacker to execute arbitrary code on the server.
The PG Matchmaking application is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied data. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious activities.
The Jupiter CMS 1.1.5 is vulnerable to SQL Injection. The vulnerability allows an attacker to execute arbitrary SQL queries by manipulating the user input. By exploiting the vulnerability, an attacker can retrieve sensitive information such as usernames and passwords from the database.
This code exploits a buffer overflow vulnerability in cxterm on Linux. It allows an attacker to execute arbitrary code with the privileges of the cxterm process.
The iDefense COMRaider ActiveX control is prone to multiple insecure-method vulnerabilities. Successfully exploiting these issues allows remote attackers to create arbitrary directories and copy arbitrary local files. This may lead to a denial-of-service condition or aid in further attacks.
This vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't require privileges to exploit this vulnerability.