Proverbs Web Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
DigiRez <= V3.4 is prone to a remote blind SQL-injection vulnerability (book_id). An exploit allows an attacker to execute SQL queries and retrieve sensitive information from the database.
The Sentinel Protection Server and Keys Server are prone to a directory-traversal vulnerability caused by insufficient sanitization of user-supplied input data. An attacker can exploit this vulnerability to access sensitive information, which can be used for further attacks.
GWExtranet is prone to multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content. Attacker-supplied HTML and script code could execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
DWD Realty is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The PHPSlideShow application fails to properly sanitize user-supplied data, leading to a cross-site scripting vulnerability. Attackers can exploit this vulnerability to execute arbitrary HTML or script code in a user's browser session within the context of the affected site. This can result in the theft of authentication credentials and the ability to launch further attacks.
The RichFX Basic Player ActiveX Control is prone to a buffer-overflow vulnerability due to inadequate boundary checks on user-supplied data. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control, typically Internet Explorer. Failed exploit attempts may result in denial-of-service conditions.
The VBTube application is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary HTML or script code in a user's browser session, potentially leading to the theft of cookie-based authentication credentials and the ability to launch further attacks.
E-lite POS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The VMware Tools application fails to properly drop privileges before performing certain functions, allowing an attacker to exploit this vulnerability in the guest operating system to elevate privileges in the host operating system.