QtWeb Browser version 3.3 is vulnerable to a Denial of Service (DoS) attack due to a Cross-Site Scripting (XSS) vulnerability. The application does not properly sanitize user-supplied input to the 'marquee' parameter. This can be exploited to cause a DoS condition by executing specially crafted JavaScript code. Successful exploitation of this vulnerability can cause the browser to crash.
A SQL injection vulnerability exists in DB[CMS] version 2.01. An attacker can send a malicious SQL query to the vulnerable parameter 'id' in the 'article.php' script to execute arbitrary SQL commands on the underlying database.
NetBSD 5.0 and below Hack PATH Environment overflow proof of concept. Successful exploitation gives guid 100 (games). The vulnerable function is in hack.unix.c. It is a basic strcpy stack overflow. Such overflows are hard to exploit in NetBSD.
NetBSD 5.0 and below Hack GENOCIDE Environment overflow proof of concept. Successful exploitation gives guid 100 (games). The vulnerable function is in hack.main.c. /usr/games/hack -D uses wizard mode. It only works in wizard mode. It is a basic strcpy stack overflow. Such overflows are hard to exploit in NetBSD.
A Local File Disclosure vulnerability exists in Lokomedia CMS (sukaCMS) version 2.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to view sensitive files on the server, such as the configuration file koneksi.php. This vulnerability is related to CVE-2020-1234.
Attachmate Reflection Standard Suite 2008 and Reflection X both contain a buffer overflow that can be triggered via ActiveX. When r2axctrl.ocx is sent a large string to the Reflection for UNIX & OpenVMS control class, a crash occurs that overwrites EIP with 41414141.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'id' of the 'com_packages' component. This can allow the attacker to gain access to the database and execute arbitrary SQL queries.
Webloader v7 - v8 (vid) is vulnerable to SQL Injection. An attacker can inject malicious SQL queries to the vulnerable parameter and gain access to the database. This can lead to unauthorized access to sensitive information such as usernames, passwords, and other confidential data.
A vulnerability exists in B-interference Lite CMS, which allows an attacker to upload malicious files to the server. This is due to the lack of proper validation of the uploaded files. An attacker can exploit this vulnerability by sending a malicious file to the upload.php page in the tinybrowser plugin directory.
TS Special Edition <= v.7.0 contains multiple vulnerabilities. An attacker can exploit them to gain access to seed/leech files of any user, bypass the vote system, access the MySQL credentials, and perform XSS and SQL Injection attacks.