The Nuked-Klan application is prone to multiple vulnerabilities that include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files, and an SQL injection vulnerability. The vulnerability allows attackers to include local files by manipulating the 'user_langue' parameter in the 'index.php' file. An attacker can also create an admin account by overwriting the 'GLOBALS' variable. The provided exploit code demonstrates how an attacker can create an admin account. This vulnerability can lead to unauthorized access and control of the application. The exploit code is written in PHP.
SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker could exploit this issue to gain access to system files outside of the web root directory of the built-in web server. Files that are readable by the web server could be disclosed via this issue.
The Blackboard Learning System is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to a failure of the application to properly validate user-supplied URI input. The first issue affects the 'addressbook.pl' script, the second issue affects the 'tasks.pl' script, and the third issue affects three URI parameters of the 'calendar.pl' script. Remote attackers can exploit these vulnerabilities by creating a malicious link that includes hostile HTML and script code. If a victim user follows the link, the hostile code may be rendered in their web browser, potentially allowing for theft of authentication credentials or other attacks.
The application is affected by multiple vulnerabilities in various modules. These vulnerabilities can be exploited by a remote attacker to carry out attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. The vulnerabilities are present in the following URLs:
- messu-read.php?offset=[INT]&flag=&priority=&flagval=&sort_mode=date_desc&find=[XSS]
- messu-read.php?offset=[INT]&flag=&priority=&flagval=&sort_mode=[XSS]
- messu-read.php?offset=[INT]&flag=&priority=&flagval=[XSS]
- messu-read.php?offset=[INT]&flag=&priority=[XSS]
- messu-read.php?offset=[INT]&flag=[XSS]
- messu-read.php?offset=[XSS]
These vulnerabilities allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
The application has multiple vulnerabilities including path disclosure, cross-site scripting (XSS), HTML injection, SQL injection, directory traversal, and arbitrary file upload. These vulnerabilities can be exploited by a remote attacker.
Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
Ettercap version 0.7.5.1 and earlier is vulnerable to a stack-based buffer overflow (CWE-121). This vulnerability allows an attacker to execute arbitrary code or cause a denial of service (DoS) by sending a specially crafted input to the affected software. The vulnerability exists in the `ec_scan.c` file, specifically in the `fscanf` function call at lines 633-635. By sending a maliciously crafted input, an attacker can trigger the overflow and potentially gain control over the affected system. This vulnerability has been assigned CVE-2012-0722.
Crackalaka is prone to a remote denial of service vulnerability that allows an attacker to crash the server by sending an excessive amount of data.
Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. The issues exist in 1st Class Mail Server version 4.01; other versions may also be affected. An attacker can exploit these vulnerabilities by sending a specially crafted request to the affected server, allowing them to traverse directories and execute arbitrary scripts in the context of a victim's browser.