The vulnerability exists in the include/ directory of the phpXD script. It is caused by the insecure usage of the require() function to include PHP files. An attacker can exploit this vulnerability by providing malicious code in the 'path' parameter of the affected PHP files, which can lead to remote code execution.
The vulnerability exists in the bbclone script, specifically in the lib/selectlang.php file. The vulnerability is caused by the insecure handling of the BBC_LANGUAGE_PATH parameter. An attacker can exploit this vulnerability by injecting malicious code into the BBC_LANGUAGE_PATH parameter, leading to arbitrary code execution. This vulnerability was discovered by Dr Max Virus in 2007.
The vulnerability exists in IBM Lotus Sametime due to a failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit this vulnerability to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial of service.
The server is unable to handle more than 2002 requests to non-existent files, pages, folders, etc. When the number of requests exceeds 2002, it stops answering, stops writing to the log file, and the admin will be unable to kick or ban users. The only thing you can do is to kill the process.
This is an exploit for the MOAB-22-01-2007 vulnerability which allows remote attackers to execute arbitrary code on the target system. The exploit downloads a malicious file from a specified URL and executes it on the system.
A buffer overflow is triggered by sending a long string to PCMAN FTP 2.07 in place of a command.
This exploit allows an attacker to execute remote code by spoofing the DNS Record for www.videocharge.com. It bypasses SafeSEH, ASLR, and DEP.
This exploit targets Oracle10g R1 and R2 versions prior to CPU Oct 2006. It allows an attacker to escalate their privileges by creating a session and a procedure. The exploit uses a function called F1, which is granted DBA privileges to the user 'TEST'. The exploit then executes the function and commits the changes. Finally, it retrieves user role privileges using the user_role_privs table. The exploit was developed by Joxean Koret.
This exploit allows an attacker with CREATE SESSION privileges to insert malicious code into the sys.sysauth$ table in Oracle10g R1 and R2 prior to CPU Oct 2006. This can lead to unauthorized access and potential compromise of the system.
The 'Display name' and 'Description' fields in BP Group Documents 1.2.1 are not escaped, allowing for the storage of script tags and potential XSS attacks.