Watchguard Server Center is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain SYSTEM privileges. Successful exploits will result in the complete compromise of affected computers. An attacker can exploit this vulnerability by using a malicious DLL to execute arbitrary code with SYSTEM privileges.
Flo CMS is vulnerable to an SQL injection vulnerability due to insufficient sanitization of user-supplied data before using it in an SQL query. Exploiting this vulnerability could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Example exploit URL: http://www.example.com/blog/index.asp?archivem='
dBlog CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
pwStore is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the application, denying service to legitimate users.
Xibo is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
Xibo is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
appRain CMF is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. An attacker can craft a malicious HTML page that contains a form with hidden fields and submit it to the vulnerable application. The application will then process the form and perform the specified actions.
Aloaha PDF Suite is prone to a stack-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
Nmap is prone to an arbitrary file-write vulnerability. An attacker can exploit this issue to write arbitrary files with the permissions of the user running the nmap client. This will allow the attacker to fully compromise the affected machine.
cm3 Acora CMS is prone to an information-disclosure vulnerability. Successful exploits of this issue lead to disclosure of sensitive information which may aid in launching further attacks.
Services By CQR