The vulnerability allows an attacker to include remote files in the nfnaddressbook.php script. By manipulating the 'mosConfig_absolute_path' parameter, an attacker can execute malicious code hosted on a remote server.
Local attackers can exploit this issue execute arbitrary code with superuser privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
In Android <5.0, a SQL injection vulnerability exists in the opt module WAPPushManager, attacker can remotely send malformed WAPPush message to launch any activity or service in the victim's phone (need permission check)
This module attempts to exploit multiple issues in order to gain remote code execution under Pandora FMS version <= 5.0 SP2. First, an attempt to authenticate using default credentials is performed. If this method fails, a SQL injection vulnerability is leveraged in order to extract the 'Auto Login' password hash. If this value is not set, the module will then extract the administrator account's MD5 password hash.
The php-revista <= 1.1.2 script is vulnerable to remote SQL injection. An attacker can exploit this vulnerability to execute arbitrary SQL queries and potentially gain unauthorized access to the database.
Vanilla Forums is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The GD Star Rating plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The exploit takes advantage of a stack overflow vulnerability in Mercur Messaging 2005 SP3 IMAP service. It allows an attacker to add a user with username 'x' and password 'x' to the admin group. The exploit has been tested on Windows 2000 Server SP4 in a VMware environment. The overflow occurs when the EBX register points to a buffer, which provides a maximum of 224 bytes of uninterrupted space for shellcode.
The vulnerability exists due to a NULL-pointer dereference condition in Battlefield 2 and Battlefield 2142. An attacker can exploit this vulnerability to crash the application, leading to a denial-of-service condition.
The IBM Lotus Sametime Server is vulnerable to a cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a targeted user within the context of the affected site. This can lead to the theft of cookie-based authentication credentials and the launch of further attacks.
Services By CQR