This exploit targets the PHP-Nuke Module Addressbook version 1.2. It takes advantage of a vulnerability in the 'require_once' function call in the 'func.inc.php' file, allowing an attacker to include local files. This can lead to information disclosure or code execution.
Ushahidi is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Nagios is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The NetGear WNDAP350 wireless access point is prone to multiple remote information-disclosure issues because it fails to restrict access to sensitive information. A remote attacker can exploit these issues to obtain sensitive information that can aid in launching further attacks.
ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PikaCMS is prone to multiple local file-disclosure vulnerabilities because it fails to adequately validate user-supplied input. Exploiting these vulnerabilities may allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
TEDE Simplificado is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This exploit allows an attacker to execute arbitrary code by exploiting a buffer overflow vulnerability in T-Mobile Internet Manager software for Windows. The vulnerability occurs in the handling of the UpdateCfg.ini file, which can be exploited by copying a specially crafted file to the program's installation directory and triggering an update.
The User Profile Service in Windows 8.1 Update (32-bit and 64-bit) has a bug in the way it handles impersonation. When a user logs in, the service creates certain resources in the profile under the user's token, but then changes to impersonating Local System, which can lead to privilege escalation. Some identified issues include recursive directory creation and creation of the temporary folder for the user under system privileges.
The 'libxml2' library is prone to multiple memory-corruption vulnerabilities, including one that can trigger a heap-based buffer-overflow error and an integer-overflow condition. An attacker can exploit these issues by enticing an unsuspecting user into opening a specially crafted XML file that contains a malicious XPath. A successful attack can allow attacker-supplied code to run in the context of the application using the vulnerable library or can cause a denial-of-service condition.