Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
WebGUI is prone to an arbitrary command execution vulnerability. This is due to insufficient sanitization of user-supplied data. This issue can facilitate unauthorized remote access.
The vulnerability allows attackers to inject SQL commands into the application's database query. This can lead to unauthorized access, data disclosure, and potential exploitation of other vulnerabilities in the database.
WinRAR is prone to multiple remote vulnerabilities. These issues include a format string and a buffer overflow vulnerability. Successful exploitation may allow an attacker to execute arbitrary code on a vulnerable computer.
up-IMAPProxy is prone to multiple unspecified remote format-string vulnerabilities. Successful exploitation could cause the application to crash or to execute arbitrary code in the context of the application. Specific details of these issues are not currently known. This BID will be updated when further information becomes available.
Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible.
The vulnerabilities in Cyphor could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible.
Remote attackers can stop the TNS Listener service in Oracle Forms by issuing a specific HTTP request.
The aeNovo application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a user visiting the affected site. This can result in the theft of authentication credentials and other malicious activities.
Multiple SQL injection vulnerabilities in Aenovo, aeNovoShop, and aeNovoWYSI allow attackers to execute arbitrary SQL commands via the 'strSQL' parameter in the search.asp script.