This module exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. This module has been tested successfully with the HSC Remote Deployer ActiveX installed with Honeywell EBI R410.1.
The vulnerability allows remote attackers to inject local app web server folders via the POST method in order to request unauthorized local web server files.
PowerPortal is vulnerable to remote SQL injection due to a failure in validating user-supplied input before including it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted request to the affected application.
The NetNote server is prone to a remote denial of service vulnerability. This vulnerability occurs because the application does not handle exceptional conditions properly. By sending a specially crafted payload to the server, an attacker can cause the server to crash, resulting in a denial of service.
Thefacebook is affected by various cross-site scripting vulnerabilities. These vulnerabilities occur due to a failure to properly sanitize user-supplied URI input. An attacker can create a malicious URI link containing hostile HTML and script code. If a victim user follows this link, the malicious code can be executed in the web browser, potentially leading to the theft of authentication credentials or other attacks.
A remote HTTP response splitting vulnerability reportedly affects phpWebSite in its user module. This issue is due to a failure of the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
The Aztek Forum is prone to multiple input validation vulnerabilities that allow an attacker to carry out cross-site scripting (XSS) and possibly other attacks. These vulnerabilities can be exploited by injecting malicious code into specific parameters.
The vulnerabilities in 04WebServer allow for cross-site scripting attacks and log injection due to improper input sanitization. An attacker can exploit these issues to execute arbitrary scripts on the affected server and inject arbitrary characters into log files, potentially leading to corruption.