A vulnerability within the xrvkp module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege.
Bedita 3.5.1 contains multiples flaws that allows a persistent remote cross site scripting attack in the 'cfg[projectName]', 'data[stats_provider_url]' and 'data[description]' parameters. This could allow malicious users to create a specially crafted POST request that would execute arbitrary code in a user's browser in order to gather data from them or to modify the content of the page presented to the user.
The vulnerability allows an attacker to include a remote file in the application, which can lead to remote code execution.
This exploit targets a vulnerability in the GDI component of MS Windows, specifically related to .ANI files. By exploiting this vulnerability, an attacker can elevate their privileges on the targeted system. The exploit takes advantage of the MS07-017 security update.
The Open-Realty application is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions and gain access to the affected application. Other attacks are also possible.
This module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement.
This exploit allows an attacker to include a remote file in the phporacleview script, specifically in the inc/include_all.inc.php file. By manipulating the 'page_dir' parameter in the URL, an attacker can include a malicious file hosted on a remote server.
There is a textfield within the program that asks for IPs to be blocked against the FTP server that is vulnerable to an SEH based buffer overflow.
The vulnerability allows an attacker to bypass the cross-site scripting filter mechanism, enabling them to execute arbitrary script code and steal cookie-based authentication credentials.
The PHP BandManager application is vulnerable to remote file inclusion due to the insecure use of the include function. By manipulating the 'pg' parameter in the 'index.php' file, an attacker can include arbitrary files from remote servers.