A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
The Opera Web Browser Java implementation has multiple remote vulnerabilities due to its insecure proprietary design. An attacker can craft a Java applet that violates Sun's Java secure programming guidelines. These vulnerabilities can be leveraged to carry out various attacks, including sensitive information disclosure and denial of service attacks. Successful exploitation would occur with the privileges of the user running the affected browser application.
The vulnerabilities in the Opera Web Browser Java implementation allow an attacker to craft a Java applet that violates Sun's Java secure programming guidelines. These vulnerabilities can be exploited to carry out various attacks, including sensitive information disclosure and denial of service attacks. Successful exploitation would occur with the privileges of the user running the affected browser application.
A local user can exploit the Altiris Deployment Solution Client interface to escalate privileges.
A local user can exploit the administration console interface in Mailtraq to escalate privileges. By double-clicking on the Mailtraq icon in the Taskbar, right-clicking in the right text pane, choosing View Source, and then opening cmd.exe, the user can launch a command prompt that runs with SYSTEM privileges.
A remote SQL injection vulnerability affects Invision Power Board. This issue is due to a failure of the application to properly validate user-supplied input prior to using it in an SQL query. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
A vulnerability exists in the phpBB Cash_Mod module that allows an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. Remote attackers could exploit this issue via a vulnerable variable to include a remote malicious PHP script, which will be executed in the context of the web server hosting the vulnerable software.
Cscope creates temporary files in an insecure way, allowing attackers to create malicious symbolic links and overwrite arbitrary files with the privileges of an unsuspecting user.
Cscope creates temporary files in an insecure way, allowing attackers to create malicious symbolic links that Cscope will write to when executed by an unsuspecting user. This can lead to arbitrary file overwriting.
The Event Calendar software is prone to multiple input validation vulnerabilities, including HTML injection and cross-site scripting. These vulnerabilities can be exploited to execute attacker-supplied HTML and script content in the browser of a victim user and to extract sensitive information from the database.