dizqueTV version 1.5.3 is susceptible to a remote code execution vulnerability that allows attackers to execute unauthorized commands remotely. By manipulating the FFMPEG Executable Path in the settings to include a malicious command like "; cat /etc/passwd && echo 'poc'", an attacker can view the content of /etc/passwd.
The Joomla Component com_iproperty 1.5.3 (id) is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the target system.
ClipShare is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
ToendaCMS is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
The vulnerability is caused due to an input validation error when processing HTTP requests. This can be exploited to break all services http & ftp.
This exploit allows an attacker to include remote files by manipulating the 'gb_pfad' parameter in the 'functions_inc.php' file. The vulnerability exists in S-Gästebuch version 1.5.3.
K-Meleon is prone to multiple denial-of-service vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to crash the application. Given the nature of these vulnerabilities, the attacker may also be able to execute arbitrary code; this has not been confirmed.
Softerra PHP Developer Library is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'catid' in the 'index.php' script. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.