VEGO Links Builder is prone to an SQL injection vulnerability. The issue stems from the application's failure to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The VEGO Web Forum is prone to an SQL injection vulnerability. This vulnerability occurs due to a failure in the application's input sanitization process. An attacker can exploit this vulnerability by supplying malicious input that is not properly sanitized, which is then used in an SQL query. Successful exploitation of this vulnerability can lead to compromise of the application, disclosure or modification of data, or exploitation of vulnerabilities in the underlying database implementation.
The Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw. When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution. This vulnerability is triggered when a probe response frame is received that does not contain valid information element (IE) fields after the fixed-length header. The data following the fixed-length header is copied over internal kernel structures, resulting in memory operations being performed on attacker-controlled pointer values.
This code allows local lp users on IRIX 6.3 and above to conduct privilege escalation attacks. It creates a shared library that is loaded by the netprint executable, allowing the attacker to execute arbitrary code with root privileges.
This exploit code allows an attacker to hijack a session and download messages from the victim's mailbox in CommuniGatePro 4.0.6. The attacker needs to place the exploit code in the cgi-bin and configure the necessary variables. They can then send a victim an HTML message with an image source pointing to AnyImage.gif. When the victim reads the message, the script will download messages 1 to 10 from their mailbox.
phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code.
The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution of arbitrary PHP code in the context of the webserver hosting the application.
The vulnerability allows local attackers to enumerate the existence of files on the computer that they wouldn't ordinarily be able to see. An attacker can exploit this issue by using a specially crafted input to the 'getShell' or 'getCommand' function, allowing them to view files that would normally be inaccessible.
The phpDocumentor application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site, which can result in the execution of malicious code in the browser of an unsuspecting user. This can lead to the theft of authentication credentials and enable various other attacks.
Multiple cross-site scripting vulnerabilities exist in Kayako SupportSuite. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of authentication credentials stored in cookies and other malicious activities.