PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
PHPProbid is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
EasyMoblog is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve sensitive information, access or modify data, or exploit latent vulnerability in the underlying database implementation.
OpenEMR is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists on axengine.exe which fails to adequately sanitize numeric input fields in "UpdateComputer" notification Requests. In order to spawn a shell, several SQL injections are required in close succession, first to enable xp_cmdshell, then retrieve the payload via TFTP and finally execute it. The module also has the capability to disable or enable local application authentication. In order to work the target system must have a tftp client available.
The exploit allows attacker-supplied data to be written to arbitrary memory locations, facilitating the execution of arbitrary machine code with the privileges of a targeted application. Failed exploit attempts may crash the application.
This exploit targets a SEH buffer overflow vulnerability in ALLPlayer 5.6.2. By opening a specially crafted .m3u file, an attacker can trigger the vulnerability and execute arbitrary code.
EncapsCMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
MDPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Flip4Mac is prone to a remote memory-corruption vulnerability because the application fails to properly handle malformed WMV files. An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.
Services By CQR