Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. The vulnerabilities include information and path disclosure, file enumeration, SQL injection, and cross-site scripting attacks within the context of the victim's Web browser and the affected computer. Other attacks are also possible.
The vulnerability is caused by a lack of proper sanitization of user-supplied input. An attacker can exploit this by supplying malicious code as input in the 'siteurl' parameter, which is not properly sanitized. This allows the attacker to execute arbitrary code in the context of the Web server process, potentially leading to a compromise of the system.
The Wizz Forum application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by injecting malicious SQL code into the vulnerable parameter, potentially compromising the application, disclosing or modifying data, or exploiting vulnerabilities in the underlying database implementation.
The Help Center Live application fails to properly sanitize user-supplied input, which allows an attacker to include local files and disclose sensitive information. This vulnerability can also be exploited to read arbitrary files on the affected computer with the privileges of the Web server.
ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. Successful attacks could compromise the software. Depending on the database implementation and the nature of the affected query, the attacker may be able to gain unauthorized access to the database.
phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. It is likely that the issue could compromise the software. Depending on the database implementation and the nature of the affected query, it may also be possible to gain unauthorized access to the database.
This exploit allows an attacker to include arbitrary files by manipulating the NETTYPE variable in the lpstat command. By creating a malicious file and library, the attacker can execute arbitrary code as root.
phpSysInfo is prone to multiple input validation vulnerabilities, including cross-site scripting (XSS), HTTP response splitting, and arbitrary local file inclusion. These vulnerabilities are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to steal cookie-based authentication credentials, aid in phishing attacks, retrieve privileged or sensitive information, and perform other attacks.
Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment variables when tainting is ignored. An attacker can exploit this vulnerability to bypass security restrictions and include arbitrary library files.
The RealPlayer and RealOne Player applications are prone to a remote stack-based buffer-overflow vulnerability. This vulnerability occurs when parsing RM (Real Media) files, and can be exploited by a remote attacker to execute arbitrary code and gain unauthorized access. The exploit uses an SEH overwrite method, which takes advantage of the SEH being placed in multiple locations across different operating systems, making it universal. The exploit includes a bindshell on port 13579.