An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Duyuru Scripti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks.
An attacker can exploit this vulnerability to cause Firefox to crash, resulting in denial-of-service conditions.
URLshrink Free is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Conquest is prone to multiple remotely exploitable vulnerabilities, including a stack-based buffer-overflow vulnerability and a memory-corruption vulnerability. An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.
The SILC Server is vulnerable to a denial-of-service attack due to its failure to handle exceptional conditions. By exploiting this vulnerability, an attacker can crash the server, resulting in a denial of service for legitimate users.
The ePortfolio application fails to sanitize user-supplied data, leading to various attacks such as cross-site scripting and SQL injection.
KDE Konqueror is prone to a remote denial-of-service vulnerability because of an error in KDE's JavaScript implementation. An attacker may exploit this vulnerability to cause Konquerer to crash, resulting in denial-of-service conditions. Konqueror included with KDE version 3.5.5 is vulnerable; other versions may also be affected.
The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file ('php.ini'). This issue occurs because the application is installed with an 'ini_modifier' program that may be executed by local users and will bypass the authentication that is required by the application to change the configuration file. An attacker could add a malicious PHP extension to the configuration or otherwise tamper with PHP configuration directives. A successful exploit could grant the attacker elevated privileges on the computer.
The Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues. These vulnerabilities occur due to the application failing to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Services By CQR