Abarcar Realty Portal is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Tekno.Portal is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Hogstorps guestbook is prone to an access-authorization vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials. An attacker can exploit this issue to delete and modify application data. This could aid in further attacks on the affected computer.
Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. A successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort. This vulnerability affects Snort 2.4.4. Other versions may be vulnerable as well. Examples of malicious packets include: perl -e 'print "GET /www.example.com?paramter=|backdoor\r http/1.0\r\n\r\n"'|nc vulnerable.server 80; perl -e 'print "GET \x90\x90\x0d http/1.0\r\n\r\n"'|nc 192.168.1.3 80; perl -e 'print "GET \x0d/index.php\x90\x90 HTTP/1.0\n\r\n"'|nc 192.168.1.3 80
A buffer overflow vulnerability exists in Microsoft Internet Explorer due to a boundary error when handling MHTML protocol requests. This issue is due to a failure of the application to properly bounds check user-supplied input before copying it into an insufficiently sized memory buffer. This issue may be exploited by enticing a user to open a maliciously crafted MHTML protocol request. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the user running the application.
osTicket is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
phpMyDesktop|arcade is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. An attacker may also be able to execute arbitrary code by way of uploaded images. The vulnerability is present due to insufficient sanitization of user-supplied input to the 'todo' parameter in 'index.php' when 'showsubsite' is specified.
ToendaCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The D-Link Airspot DSA-3100 Gateway device is prone to a cross-site scripting vulnerability. This issue is due to a failure to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
EVA-Web is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.