The Vivvo Article Management CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
AdMentor is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Apple Installer is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. A successful attack may crash the application or possibly allow the attacker to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
An attacker can inject arbitrary script code in the context of a victim's Internet Explorer temporary folder using Yahoo! Messenger. This can lead to information theft and other attacks.
The FD Script application fails to properly sanitize user-supplied input, which can be exploited by an attacker to retrieve arbitrary files from the vulnerable system. This vulnerability exists in FD Script 1.32 and prior versions. By sending a specially crafted request to the 'download.php' script with a manipulated 'fname' parameter, an attacker can retrieve sensitive information from the targeted system, potentially aiding in further attacks.
The PHPUpdate version 2.7 and below is vulnerable to an authentication bypass and shell injection vulnerability. This exploit works regardless of the php.ini settings and against the flat-file version of PHPUpdate. An attacker can execute arbitrary commands on the target server by exploiting this vulnerability. The vulnerability can be exploited by sending a specially crafted packet to the target server.
PHP Membership Manager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The 'xine' program is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.
Apple Software Update is prone to a format-string vulnerability. This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
Attackers can exploit these issues to consume memory and bandwidth resources, denying service to legitimate users, or to gain information that may aid in further attacks.
Services By CQR