The Apache Tomcat Host Manager Servlet is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.
The vulnerability exists in Microsoft Internet Explorer when rendering VML graphics. Attackers can exploit this vulnerability to execute arbitrary code in the context of the logged-in user, leading to potential remote compromise or denial-of-service conditions.
The JobLister3 application is vulnerable to SQL injection attacks. This vulnerability occurs due to the application's failure to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by injecting malicious SQL statements into the 'jobid' parameter of the 'showbyID' mode. Successful exploitation could allow the attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
OWASP Stinger is prone to a filter-bypass weakness because the application fails to properly handle certain input. Since the OWASP Stinger project is a software module designed to be incorporated into other applications, this weakness may be exploitable only if applications use it in a vulnerable way. Successfully exploiting this issue may allow attackers to bypass the filter, aiding them in further attacks.
The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
Openads (formerly known as phpAdsNew) is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Attackers can exploit this issue to gain unauthorized access. This may facilitate a compromise of the application and underlying webserver; other attacks are also possible.
Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The Lib2 PHP Library is prone to a remote file-include vulnerability due to insufficient sanitization of user-supplied data. Exploiting this vulnerability may allow an attacker to compromise the application and the underlying system. Other attacks are also possible.
The ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface. An attacker can exploit these issues to carry out cross-site request forgery, HTML-injection, and denial-of-service attacks. The exploit code provided demonstrates a cross-site request forgery attack that injects malicious HTML code into the 'sysSystemName' and 'sysDomainName' fields, potentially leading to HTML-injection attacks. Additionally, the exploit sets the 'StdioTimout' field to '0', causing a denial-of-service condition. The vulnerability is reported to affect ZyWALL 2 devices running firmware V3.62(WK.6).