Oracle Database Server Core RDBMS component is prone to a remote vulnerability that allows attackers to exploit a stack-based buffer overflow in the EXECUTE procedure of DBMS_AW. Using an overly long parameter in the CDA command with the previous procedure, a stack-based buffer overflow will occur, overwriting the saved return address. This module requires database user credentials with 'Create Session' privilege.
The AVG Administration Server is vulnerable to arbitrary configuration settings. Due to insufficient input validation, an attacker can use the StoreServerConfig command (command id 0x27) to set the value of the ClientLibraryName parameter to a UNC path. The provided value can be a path to a network share containing a malicious .dll file. This .dll file will be executed in the context of the AVG Administration Server service which runs as SYSTEM.
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA, allows remote attackers to execute arbitrary code via a crafted HTTP request.
This module exploits a buffer overflow vulnerability in the LDAP service (nLDAP.exe) of the LDAP application. The exploit triggers a stack-based buffer overflow by sending a pre-authentication specially crafted packet to port 389/TCP of the vulnerable system and installs an agent if successful.
Zen Cart is prone to a vulnerability that attackers can leverage to execute arbitrary code. This issue occurs in the 'admin/record_company.php' script. Specifically, the application fails to sufficiently sanitize user-supplied input to the 'frmdt_content' parameter of the 'record_company_image' array.
A Remote Code Execution issue has been found in Zabbix version 1.6.2 and no authentication is required in order to exploit this vulnerability. Magic Quotes must be turned off in order to exploit this vulnerability. NOTE: Magic quotes is no longer supported by PHP starting with PHP 6.0
Input passed to the mydirname parameter in xoops_lib/modules/protector/oninstall.php, xoops_lib/modules/protector/onupdate.php, xoops_lib/modules/protector/notification.php, and xoops_lib/modules/protector/onuninstall.php is not properly sanitised before being used in an eval() statement. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation requires that register_globals is enabled.
Vulnerable code to arbitrary PHP code jnjection (works with magic_quotes_gpc = off) in /includes/converter.inc.php.
A unrestricted file upload vulnerability exists in includes/inline_image_upload.php within AutoSec Tools V-CMS 1.0. This allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in temp.
Traq is vulnerable to an authentication bypass vulnerability, which leads to PHP code injection.