Parallels is prone to an arbitrary code-execution vulnerability because of a design flaw in the affected application. An attacker can exploit this issue to create files in the host operating system, which could result in the execution of code.
Creates an .m3u file for a simple EIP overwrite. Buffer is mangled at esp (shellcode size < ~400) so ebx is a better choice. First overwrite eip with call ebx which points to the beginning of the buffer. Add 300 to ebx to jump past the eip overwrite and into shellcode (available space > 9400).
Turuncu Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The Ezboo webstats application is vulnerable to an issue that allows attackers to gain administrative access to the application. This vulnerability occurs due to a lack of proper access validation.
The Meganoide's news application is vulnerable to a remote file-include vulnerability due to inadequate sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary PHP code within the context of the webserver process.
CedStat is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.
Calendar Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The Deskpro application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user. This can lead to the theft of cookie-based authentication credentials and other attacks.
The ibProArcade application is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
WebTester is prone to multiple input-validation issues, including multiple cross-site scripting and multiple SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Services By CQR