Multiple input validation vulnerabilities affect PhotoPost Pro. These include cross-site scripting vulnerabilities in the 'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts, as well as SQL injection vulnerabilities in the 'showmembers.php' and 'showphoto.php' scripts. These vulnerabilities occur due to the application's failure to properly sanitize user-supplied input.
ColdSub-Zero.pyFusion v2 is a remote root zero-day exploit for ColdFusion 9 and 10. It allows an attacker to gain root access to the target system.
Multiple input validation vulnerabilities affect exoops, allowing attackers to carry out cross-site scripting and SQL injection attacks. This can lead to theft of authentication credentials, destruction or disclosure of sensitive data, and other potential attacks.
A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes. A local attacker may leverage this issue to gain escalated privileges on an affected computer.
Nuke Bookmarks is prone to a path disclosure issue when invalid data is submitted. This issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.
The Topic Calendar application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability by injecting arbitrary script code into the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
The vulnerability exists in the '/yourauctions_p.php' file of the WeBid auction script package. The code snippet starting from line 29 allows an attacker to perform blind SQL injection by manipulating the '$_POST['startnow']' parameter. This can lead to unauthorized access to the database or disclosure of sensitive information. Additionally, the code snippet does not properly sanitize user input, which could result in local file disclosure.
This exploit allows an attacker to perform SQL injection on the Craigslist Clone Gold script. By manipulating the 'view' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database. The specific payload used in the exploit is '-1 union select concat(email,0x3a,code) from clf_ads--'.
This is a proof-of-concept exploit for an unknown vulnerability in Office 2003 that allows for control of the ecx register. The exploit is triggered by executing the provided code.
A remote denial of service vulnerability affects Spinworks Application Server. This issue is due to a failure of the application to properly handle malformed requests. An attacker may leverage this issue to trigger a denial of service condition in the affected software.