The PHPX application is vulnerable to multiple input-validation vulnerabilities due to improper sanitization of user-supplied input. These vulnerabilities can be exploited by an attacker to steal cookie-based authentication credentials, execute arbitrary script code within the webserver process context, compromise the application, gain access to sensitive information, modify data, or exploit latent vulnerabilities in the underlying database implementation.
The PHPX application fails to properly sanitize user-supplied input, leading to multiple input-validation vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The Guesbara application is vulnerable to a flaw that allows attackers to change the administrative password. By exploiting this vulnerability, an attacker can gain administrative access to the affected application, leading to a complete compromise of the application.
The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data. An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of a user running the command. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.
This weakness allows attackers to enable the 'register_globals' directive in PHP by exploiting a memory-limit exception. Enabling 'register_globals' may allow further exploitation of latent vulnerabilities in PHP scripts. This issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249.
PhpStats is prone to a remote code-execution vulnerability because the application fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process.
Php-Stats is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Oracle Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Holtstraeter Rot 13 is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.