Bedeng PSP is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
PHPWordPress is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The Top Music Module for PHP-Nuke is prone to SQL injection vulnerabilities. These vulnerabilities occur when user-supplied input is not properly sanitized before being used in SQL queries. An attacker can exploit these vulnerabilities by injecting malicious SQL code into the 'idartist' and 'idsong' parameters in the '/modules.php?name=topMusic' URL. Successful exploitation could lead to compromise of the application, disclosure or modification of data, or exploitation of vulnerabilities in the underlying database implementation.
Babe Logger is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The Enterprise Connector application is prone to SQL injection vulnerabilities. These vulnerabilities occur when the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted request to the '/send.php' endpoint with a malicious SQL payload in the 'messageid' parameter. Successful exploitation of this vulnerability could lead to compromise of the application, disclosure or modification of data, or allow the attacker to exploit vulnerabilities in the underlying database implementation.
The 'unalz' utility is prone to a buffer-overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name. An attacker could exploit this vulnerability to execute arbitrary code in the context of the user who extracts a malicious archive.
Q-News is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
This is a proof of concept exploit that affects unpatched Windows 2000 machines with the .printer ISAPI filter loaded. It allows for EIP overruns at position 260, with 19 bytes of code to jump back to the beginning of the buffer. The exploit includes a 4 byte EIP jumping into a jmp esp located in mfc42.dll. The buffer itself has approximately 250 bytes before the overflow and 211 bytes after it. The overflow occurs in the Host: header of the .printer extension, with certain characters causing issues. The exploit can be compiled on Windows, Linux, and *BSD systems and uses a simple TCP vector.
The Athena PHP Website Administration application is prone to a remote file include vulnerability. This vulnerability occurs due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting a malicious URL as the value of the 'athena_dir' parameter in the 'athena.php' script. This allows the attacker to execute arbitrary remote PHP code on the affected system with the privileges of the web server process, potentially leading to unauthorized access.
PBLang is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Services By CQR