Virtual Host Administrator is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Applications using the gtk2 library may be prone to a denial-of-service vulnerability because the library fails to handle malformed image data. An attacker can exploit this issue to crash applications on a victim's computer.
The change-of-permissions functionality was found to be missing a unique token in its form.
This PL/SQL code exploits the Oracle extproc directory traversal bug to remotely execute arbitrary OS commands with the privileges of the DBMS user (the CREATE [ANY] LIBRARY privilege is needed).
The vulnerability exists in Mac OS X QuickDraw due to its failure to handle malformed PICT image files correctly. This can be exploited by remote attackers to corrupt memory and crash the affected software. It may also potentially allow the execution of arbitrary machine code, although this has not been confirmed.
An attacker can exploit this issue to gain administrative access to the embedded webserver running on the affected device. This may allow attackers to completely compromise affected devices.
The 212Cafe Guestbook application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site, which can then be executed in the browser of an unsuspecting user. This allows the attacker to potentially steal authentication credentials and launch further attacks.
Bitweaver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The application fails to properly sanitize user-supplied input, leading to multiple XSS vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching further attacks.
The Unique Ads application is vulnerable to SQL injection due to improper sanitization of user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.