Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Sun Java System Calendar Server is prone to a denial-of-service vulnerability because it fails to handle certain duplicate URI requests. An attacker can exploit this issue to crash the Calendar Server, resulting in a denial-of-service condition.
TikiWiki is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
Multiple SlySoft products are prone to multiple buffer-overflow vulnerabilities because they fail to adequately validate user-supplied input. A local attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Failed attacks will result in denial-of-service conditions.
Sun xVM VirtualBox is prone to a local privilege-escalation vulnerability. An attacker can exploit this vulnerability to run arbitrary code with superuser privileges. The attacker can create a shared library file with a constructor that calls setuid() and execve() to execute a shell with root privileges. The attacker then needs to create a symbolic link to the VirtualBox binary and execute it.
PostgreSQL is prone to a remote denial-of-service vulnerability. Exploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying service to legitimate users. An attacker can exploit this issue by creating two default conversions and then setting the client encoding to 'LATIN1'. This will cause an invalid byte sequence error and terminate the connection.
PostgreSQL is prone to an information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. An attacker can exploit this vulnerability by creating a malicious function and using it to access restricted data. An example of such a function is provided in the text.
Nenriki CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker can exploit this issue by sending maliciously crafted SQL statements to the vulnerable application. The following example code is available, as two statements entered one after the other. First: javascript:document.cookie ="password=1; path=/" Second: javascript:document.cookie ="ID=' union select 0,0,0,concat(id,name,char(58),password),0,0 from users--; path=/"
IBM Director is prone to a privilege-escalation vulnerability that affects the CIM server. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process.
PHORTAIL is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.