Bandersnatch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
FooSun is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This is a proof of concept exploit for the MOAB-04-01-2007 vulnerability. It targets iPhoto, a photo management application on macOS. The exploit takes advantage of a buffer overflow vulnerability in iPhoto's handling of XML feeds, allowing an attacker to execute arbitrary code on a target system. By sending a specially crafted XML feed, an attacker can trigger the buffer overflow and gain control over the target system.
This is a buffer overflow vulnerability in MemPlayer. The vulnerability can be exploited by sending a specially crafted HTTP request to the server, causing a buffer overflow and potentially allowing the attacker to execute arbitrary code on the target system. The vulnerability exists in the MemPlayer version 1.0.3 (Linux).
The MySpace Scripts Poll Creator application is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This allows an attacker to inject malicious HTML or JavaScript code that can run in the context of the affected site. This can potentially lead to the theft of cookie-based authentication credentials and allow the attacker to control how the site is rendered to the user. Other attacks are also possible.
The Aurigma Image Uploader ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
The E-vanced Solutions E-vents application is prone to multiple input-validation vulnerabilities due to insufficient sanitization of user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The GWExtranet application is prone to multiple directory-traversal vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to retrieve arbitrary files from the vulnerable system in the context of the webserver process, potentially obtaining sensitive information that may aid in further attacks.
The VUNET Case Manager application fails to properly sanitize user-supplied data before using it in an SQL query. This allows an attacker to inject malicious SQL code, potentially compromising the application and gaining unauthorized access to or modifying data. It may also expose latent vulnerabilities in the underlying database.
The Mass Mailer application is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR