Miro Broadcast Machine is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The PHP-Nuke Advertising Module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This exploit allows an attacker to execute arbitrary commands on a vulnerable VerliAdmin version 0.3. The vulnerability exists in the 'language.php' file, where the 'lang' cookie is not properly sanitized before being used in an 'Include' statement. By manipulating the 'lang' cookie, an attacker can include arbitrary files and execute commands on the server.
The Microsoft Office Web Component is prone to a denial-of-service vulnerability because of a memory access violation. Attackers can exploit this issue to crash Internet Explorer and deny service to legitimate users.
The Xoops Mylinks module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks.
Rapid Classified is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The Computer Associates SiteMinder Web Agent is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The MS-TopSites application fails to properly sanitize user-supplied data, leading to an unauthorized-access vulnerability and an HTML-injection vulnerability. An attacker can exploit these vulnerabilities to gain elevated privileges, execute arbitrary code within the webserver's context, and steal cookie-based authentication credentials.
The MySQL database server fails to properly handle unexpected input, allowing remote attackers to crash affected database servers and deny service to legitimate users. Attackers must have valid credentials to execute arbitrary SQL statements on affected servers.
i-Gallery is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view arbitrary local files in the context of the webserver process. Information obtained may aid in further attacks.
Services By CQR