An attacker can make a user with access privileges to a page containing malicious script and send some parameters injected JavaScript to the database.
GeniXCMS v0.0.3 is vulnerable to persistent and reflected XSS. Persistent XSS can be exploited by injecting malicious code into the content and title input fields. Reflected XSS can be exploited by sending a malicious URL containing a script to the victim. The script will be executed when the victim visits the URL.
The Nmedia WordPress Member Conversation plug-in for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
A buffer overflow vulnerability was discovered in Adobe Photoshop CC 2014 and Bridge CC 2014. The vulnerability is caused due to a boundary error when processing user-supplied data. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted file. Successful exploitation may allow execution of arbitrary code.
The vulnerability is caused due to a boundary error within the processing of GIF images and can be exploited to cause a heap-based memory corruption. Successful exploitation may allow execution of arbitrary code.
The dasboard tool is part of the Seagate software solution for storage. The Dashboard.exe process opens a random port in the 5000-6000 range on each launch. The attached Python script will send 3100 A's to the target port. This will cause a crash in the Dashboard.exe process.
When parsing a print job request, cupsd can be forced to over-decrement the reference count for a string from the request. As a result, an attacker can prematurely ffree a string, and use the freed memory to control the execution flow of cupsd.
HansoPlayer 3.4.0 is vulnerable to a memory corruption vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability by crafting a malicious .wav file and sending it to the victim, resulting in a denial of service condition.
WinylPlayer 3.0.3 is vulnerable to a memory corruption vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability by crafting a malicious .wav file and sending it to the victim, which will cause the application to crash.
Lively cart is shping cart script and search parameter(search_query) in not filtering user supplied data and hence affected from SQL injection vulnerability.
Services By CQR