A local attacker may leverage this issue to gain access to potentially sensitive information about user permissions and accessed files. Information gained may aid in further attacks against the affected computer.
This vulnerability allows an attacker to disclose the source code of files in the cwmExplorer 1.0 application. The vulnerability exists in the show_file parameter, which is not properly sanitized before being used in a file inclusion operation. By manipulating the show_file parameter, an attacker can specify the path of any file on the server and view its source code.
The application fails to properly sanitize user-supplied input, leading to a remote file-include issue and two cross-site scripting vulnerabilities. An attacker can exploit these issues to execute arbitrary PHP code or steal authentication credentials.
Multiple input-validation vulnerabilities in Magic News Pro allow remote attackers to execute arbitrary PHP code or steal cookie-based authentication credentials via (1) a remote file-include issue and (2) two cross-site scripting vulnerabilities. An attacker can exploit these issues to execute arbitrary PHP code in the context of the webserver process or to steal cookie-based authentication credentials.
The phpTrafficA application is prone to multiple directory-traversal vulnerabilities due to improper input sanitization. An attacker can exploit these vulnerabilities to retrieve arbitrary files from the affected system. This can lead to further attacks.
CedStat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The Google Desktop application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. Attackers can exploit this vulnerability in conjunction with a latent cross-site scripting vulnerability in the 'google.com' domain to execute arbitrary script code in the browser of an unsuspecting user. This can allow attackers to access the contents of the Google Desktop search index or potentially execute arbitrary code.
Userpages2 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The MyCalendar application is vulnerable to multiple cross-site scripting vulnerabilities due to inadequate sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, within the context of the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.
An integer overflow vulnerability exists within ImageIO when processing a malformed .gif file. This allows for an attacker to cause the application to crash and potentially execute arbitrary code on the targeted host.