An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
GIMP is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate checks on user-supplied input. Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
This is a local root exploit for Linux systems. It allows an attacker to gain root privileges on the target system.
A security bug has been discovered in MetaForum 0.513 Beta. This bug can be used by an attacker to upload a malicious php file on the server. During the upload, the MIME type of the file is the only verified parameter. The extension isn't. This enables an attacker to fake the MIME type of a php file so that it is considered as an image.
The vulnerability allows an attacker to perform Cross-Site Scripting (XSS) attacks and bypass CSRF Tokens Protection. This can lead to various malicious activities such as taking over victim accounts, changing primary email addresses, sending forged requests, and tricking admins to attack their own users.
Mongoose is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input. Successfully exploiting this issue will allow an attacker to crash the affected application, denying further service to legitimate users.
Coppermine Photo Gallery is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Multiple input-validation vulnerabilities, including security-bypass, arbitrary-file-upload, SQL-injection, local file-include, cross-site-scripting, and information-disclosure issues, allow unauthorized access, execution of scripts, data modification, stealing authentication credentials, and other attacks.
Attackers can exploit this issue to cause the server to consume excessive resources, denying service to legitimate users.
This PoC exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL(). The exploit allows an attacker to execute arbitrary code.