Remote attackers may exploit this issue by submitting malicious ARP requests to the vulnerable computer. To exploit this issue, attackers must have access to the local network segment of a target computer. Remote attackers can exploit this issue to cause the network interface to stop responding, denying further service to legitimate users.
The Atlassian JIRA application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit this by injecting arbitrary script code into the browser of a victim user, allowing them to steal authentication credentials and launch further attacks.
This vulnerability occurs when attackers supply invalid argument values to the 'SPBBCDrv.sys' driver, resulting in a crash of affected computers and denying service to legitimate users.
Remote attackers can exploit this vulnerability to consume excessive system resources, causing the software to become unresponsive and denying service to legitimate users.
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory. Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. This issue may help the attacker gain unauthorized access.
The PHP open_basedir restriction-bypass vulnerability allows attackers to access sensitive information or write files in unauthorized locations. This vulnerability is due to a design error. It can be exploited in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. The 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other, but this vulnerability bypasses those restrictions.
LimeSurvey suffers from a stored cross-site scripting and SQL Injection vulnerability. Input passed to the 'label_name' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Input passed to the 'group_name' POST parameter is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a heap-based buffer overflow. Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
The HP JetDirect FTP Print Server is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue on an affected computer to deny service to legitimate users.