An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted DLL file.
This module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user controlled data. In order to bypass ASLR this module uses a proto_tbl packet to leak an libov pointer from the stack and finally build the rop chain to avoid NX.
This module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.
This exploit bypasses all protections in EMET 5.0 and 4.1 but DEP.
ALPHA Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
This exploit allows attackers to execute arbitrary code by enticing a user to open a file from a network share location that contains a specially crafted DLL file. The vulnerability affects PowerDVD version 5.00.1107 and potentially other versions as well.
The vulnerability allows an attacker to inject SQL queries through the 'jobid' parameter in the 'joblogs.php' page of the Bacula-web application. This can lead to unauthorized access to the database and potentially execute malicious commands.
eXV2 CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The vulnerability is caused by an invalid include function in the comanda.php file, which allows an attacker to include remote files and execute arbitrary code.
The AdvertisementManager application fails to sufficiently sanitize user-supplied input, leading to local and remote file-include vulnerabilities. Exploiting these vulnerabilities may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer.