A local file include web vulnerability has been discovered in the official Foxit MobilePDF v4.4.0 iOS mobile web-application. The local file include vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path commands to compromise the mobile web-application.The vulnerability is located in the `filename` value of the wifi interface `upload` module. Local attackers are able to manipulate the wif
This exploit allows an attacker to disclose sensitive information from the IPMI (Intelligent Platform Management Interface) protocol. By sending specific commands to the IPMI service, an attacker can retrieve information such as user access privileges, user names, and other configuration settings.
The Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities due to improper input sanitization. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a targeted user, potentially leading to the theft of authentication credentials and other malicious activities.
Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. Other attacks may also be possible.
The Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially allowing the attacker to steal authentication credentials or perform other malicious activities.
TWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The PHP Calendar Basic is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially stealing authentication credentials and launching further attacks.
This is a proof-of-concept exploit for a buffer overflow vulnerability in PHP 5.2.1 with the PECL phpDOC extension. The exploit targets the confirm_phpdoc_compiled() function. It is designed to be launched from the command line interface (CLI) and exploits a stack-based buffer overflow to execute arbitrary code. The exploit overwrites the structured exception handler (SEH) and uses WinExec to launch the Notepad application. The exploit code is provided in the PHP script.
eFront is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Mitel Audio and Web Conferencing software is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
Services By CQR