A-Cart is prone to multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input prior to its use in SQL queries and generation of dynamic content. The SQL injection issue may allow a remote attacker to manipulate SQL query logic, potentially leading to access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation. The cross-site scripting issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
The application is prone to multiple vulnerabilities including SQL injection, cross-site scripting, and HTML injection. These vulnerabilities may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other attacks.
The vulnerability exists due to a failure of NSTX to handle network strings of excessive length. A remote attacker can exploit this vulnerability by sending a specially crafted network string, causing the affected process to crash and denying service to legitimate users.
The AIX invscoutd process insecurely handles temporary files, allowing a local attacker to destroy data on the vulnerable system. This is due to a design error that allows a user to specify a log file that the process writes to while holding escalated privileges. A malicious user can exploit this issue to corrupt arbitrary files on the affected system, potentially leading to a system-wide denial of service. There is also a possibility that an attacker could gain escalated privileges, although this has not been confirmed.
NetSupport School is prone to a password-encryption vulnerability because the application fails to protect passwords with a sufficiently effective encryption scheme.Exploiting this issue may allow an attacker to access user and administrator passwords for the affected application.
Multiple locally and remotely exploitable buffer overrun and format strings were reported in emil. This could permit execution of arbitrary code in the context of the software.
HP Web JetAdmin is prone to a directory traversal vulnerability that allows remote attackers to access information outside the server root directory. This vulnerability occurs due to insufficient sanitization of user-supplied data passed via the 'setinclude' parameter of the 'setinfo.hts' script. Attackers can exploit this vulnerability to upload malicious files and gain unauthorized access to a vulnerable server.
The Nexgen FTP server is prone to a remote directory traversal vulnerability. This vulnerability allows authenticated users to bypass file request string sanitization and gain access to sensitive information on the server. An attacker can exploit this vulnerability to launch further attacks on the system.
The FirstClass HTTP Server is prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The vulnerability is caused by insufficient sanitization of user-supplied data via the 'TargetName' parameter of the 'Upload.shtml' script. An attacker can exploit this issue by injecting malicious code into the 'TargetName' parameter, which will be executed in the context of the user's browser when the vulnerable script is accessed.
The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. Exploiting this issue allows attackers to execute malicious machine code with the privileges of the 'man' utility. This can result in the compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
Services By CQR