This exploit allows an attacker to include local files on the target system by manipulating the 'file' parameter in the URL. By specifying a relative path to a sensitive file, such as the PHP configuration file or the password file, the attacker can view the contents of these files.
IPFire <= 2.15 core 82 CGI Web Interface suffers from Authenticated Bash Environment Variable Code Injection (CVE-2014-6271). IPFire is a free Linux distribution which acts primarily as a router and firewall. It can be maintained via a web interface. The distribution furthermore offers selected server daemons and can easily be expanded to a SOHO server. IPFire is based on Linux From Scratch and is, like the Endian Firewall, originally a fork of IPCop.
The Torrent DVD Creator application is vulnerable to a DLL hijacking exploit. An attacker can trick a user into opening a file from a network share location that contains a specially crafted DLL file, which allows the attacker to execute arbitrary code.
The 'com_jstore' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
The vulnerability allows attackers to execute arbitrary code by tricking a user into opening a specially crafted DLL file from a network share location using Notepad++ 5.8.2. The exploit code presented in the text demonstrates the execution of a message box, but it can be modified to execute any arbitrary code.
The e2eSoft VCam application is prone to a vulnerability that allows attackers to execute arbitrary code. This can be exploited by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
The Oracle Fusion Middleware BPEL Console is prone to a cross-site scripting vulnerability. This vulnerability can be exploited over HTTP by an attacker with 'Valid Session' privileges. By leveraging this vulnerability, an attacker can execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of cookie-based authentication credentials and other attacks.
The 'com_trade' component for Joomla! and Mambo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this vulnerability could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
NetStumbler is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.