BTGrup Admin WebController is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. The following proof of concept is available: Username: 'or''=' Password: 'or''='
Scout Portal Toolkit is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
The MDaemon WorldClient application is prone to a denial-of-service vulnerability due to a failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting malicious code, such as a script tag, into user-supplied input. This can cause the application to crash or become unresponsive, preventing users from accessing their mail remotely through the WorldClient client application.
The vulnerability allows attackers to load a frameset from a different domain, leading to potential attacks such as information disclosure, session hijacking, and phishing-style attacks.
The LocazoList Classifieds application is prone to an input validation vulnerability that allows for cross-site scripting (XSS) and SQL injection attacks. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other attacks. Additionally, the attacker can manipulate input to modify query logic or exploit vulnerabilities in the database implementation, potentially compromising the application and disclosing or modifying data.
The Sights 'n Sounds Streaming Media Server is prone to a buffer overflow vulnerability. This issue occurs due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this vulnerability can result in a crash of the 'SWS.exe' application, causing a denial of service to legitimate users. Additionally, an attacker may be able to execute arbitrary code, potentially facilitating privilege escalation to SYSTEM level.
LogiSphere is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the Web server process. Information obtained may aid in further attacks; other attacks are also possible.
Magic Book Professional is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
The Nortel SSL VPN is prone to an input validation vulnerability that allows arbitrary commands to be executed on a user's computer. Cross-site scripting attacks are also possible.
Microsoft Excel is susceptible to a remote code-execution vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input data in the 'Named Range' definition in Excel data files. This results in the corruption of critical memory sections, allowing code execution.