An attacker can supply excessive data to the 'MDSYS.MD2.SDO_CODE_SIZE' procedure, overflowing a destination buffer. This can be leveraged to execute arbitrary code and gain 'SYSDBA' privileges.
A local file overwrite vulnerability affects SGI IRIX. This issue is due to a failure of the affected utility to drop privileges prior to carrying out critical functionality. An attacker may leverage this issue to cause the affected utility to write data to any file on the affected computer with superuser privileges. Although unconfirmed, it is possible that this issue may be leveraged for privilege escalation.
RUMBA is reported prone to multiple buffer overflow vulnerabilities. These issues are reported to manifest when RTO and WPA profiles are loaded by the software. Ultimately it is conjectured that these issues may be exploited by a remote attacker to execute arbitrary attacker-supplied code in the context of the vulnerable software.
The application fails to properly sanitize user-supplied input, leading to cross-site scripting and SQL injection vulnerabilities. The cross-site scripting vulnerabilities affect the 'content.asp' script, while the SQL injection vulnerability affects the 'ad_click.asp' script.
Multiple input validation vulnerabilities affect PhotoPost Pro. These include cross-site scripting vulnerabilities in 'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts, as well as SQL injection vulnerabilities in 'showmembers.php' and 'showphoto.php' scripts. These vulnerabilities occur due to the application's failure to properly sanitize user-supplied input.
ColdSub-Zero.pyFusion v2 is a remote root zero-day exploit for ColdFusion 9 and 10. It allows an attacker to gain root access to the target system.
Multiple input validation vulnerabilities affect exoops, allowing attackers to carry out cross-site scripting and SQL injection attacks. This can lead to theft of authentication credentials, destruction or disclosure of sensitive data, and other potential attacks.
A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes. A local attacker may leverage this issue to gain escalated privileges on an affected computer.
Nuke Bookmarks is prone to a path disclosure issue when invalid data is submitted. This issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.
The Topic Calendar application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability by injecting arbitrary script code into the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.