Attackers can exploit this issue to gain unauthorized access to the application. Successful attacks will compromise the affected application and possibly the underlying webserver.
The application fails to handle specially crafted packets, leading to remote denial-of-service conditions.
Aratix inc/init.inc.php does not initialize the $current_path variable before using it to include files, assuming register_globals = on, we can initialize the variable in a query string and include a remote file of our choice.
This module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to a dangerous usage of strcpy-like function, and occurs while parsing malformed XFDL files, with a long fontname value. This module has been tested successfully on IBM Forms Viewer 4.0 on Windows XP SP3 and Windows 7 SP1.
The vulnerability allows attackers to execute arbitrary code in the context of the user running the Mail application. This can compromise the application and potentially the underlying operating system.
The vulnerability allows a local attacker to gain elevated privileges on the affected computer by exploiting a flaw in ISPmanager. By executing a specific command, the attacker can access sensitive information and compromise the affected computer.
The Acunetix Web Vulnerability Scanner 4.0 <= Build 20060717 is vulnerable to a remote denial of service attack. The vulnerability is triggered when a malformed packet with an invalid 'Content-Length' field is sent to the scanner. This causes the application to crash. The vulnerability has been fixed in later versions of the scanner.
Rigs of Rods is prone to a remote buffer-overflow vulnerability due to the application's failure to properly check the bounds of user-supplied data before copying it into a buffer that is not sufficiently sized. An attacker can exploit this vulnerability to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
Click&BaneX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and enable other attacks.
Services By CQR