header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Remote HTTP Header Buffer Overflow in MPlayer

MPlayer is prone to a remote HTTP header buffer overflow vulnerability. This issue occurs due to a failure of the application to properly verify buffer bounds on the 'Location' HTTP header during parsing. Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.

WebCT Campus Edition HTML Injection Vulnerability

The WebCT Campus Edition is prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.

A-Cart Multiple Input Validation Vulnerabilities

A-Cart is prone to multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input prior to its use in SQL queries and generation of dynamic content. The SQL injection issue may allow a remote attacker to manipulate SQL query logic, potentially leading to access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation. The cross-site scripting issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

Multiple SQL Injection, Cross-Site Scripting, and HTML Injection Vulnerabilities in Photopost PHP Pro

The application is prone to multiple vulnerabilities including SQL injection, cross-site scripting, and HTML injection. These vulnerabilities may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other attacks.

AIX invscoutd Insecure Temporary File Handling Vulnerability

The AIX invscoutd process insecurely handles temporary files, allowing a local attacker to destroy data on the vulnerable system. This is due to a design error that allows a user to specify a log file that the process writes to while holding escalated privileges. A malicious user can exploit this issue to corrupt arbitrary files on the affected system, potentially leading to a system-wide denial of service. There is also a possibility that an attacker could gain escalated privileges, although this has not been confirmed.

Recent Exploits: