
Explore Vulnerabilities

Explore all Exploits:

yaplap Remote File Inclusion Vulnerability

A remote file inclusion vulnerability exists in yaplap versions 0.6 and 0.6.1. The vulnerable statement is include $LOGIN_style."_form.php"; and it can be exploited by sending a specially crafted HTTP request containing a malicious URL in the site_main_path parameter. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

Mini Web Shop Cross-Site Scripting Vulnerability

Mini Web Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

osTicket Support Cards Cross-Site Scripting Vulnerability

osTicket Support Cards is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

HP Printers running FTP Print Server Buffer Overflow Vulnerability

HP Printers running FTP Print Server are prone to a buffer-overflow vulnerability. This issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

KDE libkhtml Denial of Service Vulnerability

KDE libkhtml is prone to a denial-of-service vulnerability. This issue is triggered when an attacker convinces a victim user to open a malicious HTML document via an affected application such as kmail or Konqueror. Remote attackers may exploit this issue to crash applications that use the affected library, effectively denying service to legitimate users.

Contra Haber Sistemi SQL Injection Vulnerability

Contra Haber Sistemi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

eXtreme-fusion <= 4.02 Remote Code Execution Exploit

eXtreme-fusion is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute remote code. By combining this issue with the file-upload functionality of the application, the attacker may be able to execute remote code.

Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities

Omniture SiteCatalyst is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Multiple Vendor Firewalls and HIPS Process-Spoofing Vulnerability

An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer.

Recent Exploits: