Metyus Forum Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The DdnsHostName parameter is vulnerable to persistent cross-site scripting. There is client-side input validation, but it can easily be bypassed.
This exploit allows remote attackers to execute arbitrary code via a crafted .avi file in GOM Player. The vulnerability occurs when the player fails to properly handle certain inputs, leading to memory corruption.
The exploit allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .avi file processed by PotPlayer.
Bandersnatch is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include multiple SQL-injection vulnerabilities and an HTML-injection vulnerability. A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The WP-FeedStats plugin for WordPress is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploits a stack overflow in the svn_time_from_cstring() function. Builds a date format which is valid but at the same time exits after the sscanf function, or else it branches into another function which segfaults at the apr_pool_t *pool. Overwrites EIP with a pointer to the main *data buffer stored in the heap, where the shellcode is stored in the main request itself. Binds a shell on port 36864.
The vulnerability occurs due to inadequate boundary checks on user-supplied input to a program that is installed setuid-superuser. Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Failed attacks will likely cause denial-of-service conditions.
The Windows kernel is prone to a security vulnerability when executing the GDI support function 'RFONTOBJ::bTextExtent' located in 'win32k.sys'. This vulnerability could be exploited by an attacker to crash the Windows kernel by calling the user-mode function 'NtGdiGetTextExtent' with specially crafted arguments.