SoftMaker Shop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
This exploit is used to cause a denial of service (DoS) on Essentia Web Server 2.15. It sends a large number of 'A' characters to the server, causing it to crash.
Fcron is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This issue allows local attackers to execute arbitrary machine code with superuser privileges, since the affected utility is installed setuid-superuser by default in some installations. This allows attackers to completely compromise affected computers.
SPIP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
SPIP is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
SZUserMgnt is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Daffodil CRM is prone to an SQL injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Mozilla Firefox is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain. The issue affects the '-moz-binding' property. This could allow a malicious site to access the properties of a trusted site and facilitate various attacks including disclosure of sensitive information.
XM Easy Personal FTP Server <= 5.2.1 is vulnerable to a remote denial of service attack. An attacker can send a specially crafted 'NLST -al' command with 9000 bytes of data to the FTP server, causing it to crash.
Services By CQR