The phpMyChat application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially allowing them to steal authentication credentials and launch other attacks.
Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.
Multiple vulnerabilities exist in Absolute News Manager .NET, including cross-site scripting (XSS), SQL injection, and information disclosure issues. These vulnerabilities allow attackers to steal authentication credentials, execute arbitrary script code, obtain sensitive information, access or modify data, and exploit underlying database vulnerabilities.
The SonicWALL Global VPN Client is prone to a remote format-string vulnerability. This vulnerability occurs when user-supplied input is not properly sanitized before being passed as the format specifier to a formatted-printing function. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions.
Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site.
This exploit leverages the setgid and setuid functions to escalate privileges. The program first retrieves the user 'abi' from the system's password file using getpwnam. Then, it sets the group ID and user ID to that of the 'abi' user. Finally, it executes the '/usr/bin/id' command using the popen function and prints the output. This allows an attacker to execute commands with elevated privileges.
The browsers fail to securely handle keystroke input from users, allowing attackers to steal focus and potentially capture sensitive data entered by the user. Exploiting this issue requires that users manually type sensitive data, which can be done through keyboard-based games, blogs, or other similar pages.
QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of the issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
The 'bcoos' program is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR