The OTRS application is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These include SQL injection, HTML injection, and cross-site scripting vulnerabilities.
The vulnerability allows an attacker to retrieve arbitrary remote PHP code on an affected computer with the privileges of the Web server process by exploiting a lack of proper sanitization of user-supplied input.
Cisco PIX is susceptible to a remote denial-of-service vulnerability when handling certain TCP SYN packets. This issue allows attackers to temporarily block network traffic to arbitrarily targeted TCP services. By repeating the attack, a prolonged denial-of-service condition is possible.
PHP-Post is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. The attacker may also be able to steal cookie-based authentication credentials and launch other attacks.
The PHP-Post application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially stealing authentication credentials and launching further attacks.
The PHP Download Manager application fails to properly sanitize user-supplied input before using it in an SQL query. This allows an attacker to inject malicious SQL code through the 'cat' parameter in the 'files.php' script. Successful exploitation of this vulnerability could lead to a compromise of the application, unauthorized access to or modification of data, or the exploitation of other vulnerabilities in the underlying database implementation.
The vulnerability exists due to a lack of proper sanitization of user-supplied input before it is used in SQL queries. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'start' parameter of the 'thread.php' page.
The Struts application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a user visiting the affected site. This can be used to steal authentication credentials and carry out further attacks.
SimplePoll is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application or the disclosure or modification of data, and may permit an attacker to exploit vulnerabilities in the underlying database implementation. The vulnerability can be exploited with a specially crafted payload in the 'pollid' parameter.
Inkscape is prone to a buffer overflow vulnerability. The issue occurs because the application fails to perform proper bounds checking on user-supplied data before copying it into a finite-sized buffer. Processing a malformed SVG image file triggers the overflow, allowing an attacker to execute arbitrary code in the context of the victim user.