Explore Vulnerabilities

Explore all Exploits:

Local File Include Vulnerability in com_jr_tfb component for Joomla!

The 'com_jr_tfb' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

iMesh <= 10.0 (IMWebControl.dll) Remote Buffer Overflow Exploit

The iMesh application is prone to a buffer overflow vulnerability due to inadequate boundary checks on user-supplied data. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code in the context of the application using an affected ActiveX control, typically in Internet Explorer. Failed exploit attempts may result in denial-of-service conditions.

Web Content System <<< v2.7.1 Remote File Include Exploit

This exploit allows remote attackers to include and execute arbitrary files on a vulnerable web server. The vulnerability exists due to the application not properly sanitizing user-supplied input in the 'path[JavascriptEdit]' parameter. An attacker can exploit this vulnerability to include a remote file containing malicious PHP code and execute it on the target system.

Stack-based Buffer-Overflow Vulnerability in NetBSD

The NetBSD operating system is prone to a stack-based buffer-overflow vulnerability affecting multiple functions in the 'libc/net' library. Successful exploits may allow an attacker to execute arbitrary code in the context of the application using the affected library. Failed exploit attempts will result in a denial-of-service condition.

jclassifiedsmanager Multiple Vulnerabilities

The jclassifiedsmanager component is vulnerable to SQL Injection and XSS attacks. The 'id' parameter in the 'displayads' task is not sanitized, allowing an attacker to inject malicious SQL code. The 'view' parameter in the 'displayads' task is also not sanitized, allowing an attacker to inject arbitrary JavaScript code.

VLC Player 2.1.5 DEP Access Violation Vulnerability

VLC Media Player contains a flaw that is triggered because user-supplied input is not properly sanitized when handling a specially crafted FLV file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.

Joomla Component D4JeZine <= 2.8 Remote BLIND SQL Injection Exploit

This exploit allows an attacker to perform a blind SQL injection attack on the Joomla Component D4JeZine version 2.8 or below. The exploit uses a one-character brute-force technique to extract sensitive information from the database.

Recent Exploits: