An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to scan a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
An attacker can exploit these issues to cause an affected application to crash, denying service to legitimate users.
This exploit allows an attacker to access sensitive server log files by exploiting a directory traversal vulnerability. By manipulating the 'folder' parameter, the attacker can traverse the file system and access log files located outside the intended directory. The attacker sends a specially crafted HTTP request to the target server, causing it to disclose the contents of the log files in the server's response.
This module exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user-controlled data through the GetColor function. This module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE9.
A stack overflow vulnerability exists in WarFTP 1.65, which can be triggered by sending a long username (>480 bytes) with the FTP USER command. This exploit binds a shell on TCP port 4444 and connects to it.
The DragDropCart application is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied data. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially stealing authentication credentials and launching further attacks.
Input passed to the "$moddir" parameter in load.inc.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Input passed to the "$base_path" parameter in base.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
The 'com_tax' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This exploit allows an attacker to perform SQL injection in the search.asp page of JGBBS 3.0beta1. By injecting a specially crafted SQL query in the 'author' parameter, an attacker can retrieve sensitive information from the database.