The Vizayn Haber website is vulnerable to SQL Injection. An attacker can inject malicious SQL code through the 'id' parameter in the 'haberdetay.asp' file. This allows the attacker to retrieve sensitive information such as admin usernames, passwords, and email addresses.
JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input. Attacker-supplied HTML and script code will run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input. Attacker-supplied HTML and script code will run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
The 'bcoos' Arcade module is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Urchin application is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting malicious script code into the affected application, which will be executed by the victim's browser when the page is viewed. This allows the attacker to perform various malicious actions, such as stealing authentication credentials and launching further attacks.
Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.
This exploit takes advantage of a bug in the x86_64 Linux kernel ia32syscall emulation. By exploiting this vulnerability, local attackers can gain elevated privileges, potentially leading to the complete compromise of affected computers.
Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.
The Vigile CMS wiki module is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The application fails to perform adequate boundary-checks on user-supplied data, leading to a remote buffer-overflow vulnerability. An attacker can exploit this vulnerability by tricking users into visiting a maliciously crafted webpage. Successful exploitation allows the attacker to execute arbitrary code within the context of the application using the ActiveX control, typically in Microsoft Internet Explorer. Failed exploit attempts result in a denial-of-service condition.