Stuffed Tracker is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This exploit takes advantage of a command injection vulnerability in Mac OS X 10.4.8 (8L2127) to execute arbitrary commands. By modifying the CMD_STRING variable, an attacker can execute any command they desire. The exploit uses a static address for the command string, but this may need to be adjusted depending on the execution method and string length. The payload includes the addresses for system(), setuid(), and the command string. Sleds are also included to allocate large heap chunks for better reliability. This exploit was released on January 1, 2007, and was developed by LMH and Kevin Finisterre.
The Cart32 application fails to sanitize user-supplied input, leading to an arbitrary file download vulnerability. An attacker can exploit this vulnerability to download arbitrary files within the context of the webserver process, potentially aiding in further attacks.
GForge is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
The FeedBurner FeedSmith plugin is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions with the application. The vulnerability can be exploited by sending a malicious request to the affected application.
The vulnerability allows an attacker to spoof responses to DNS requests, corrupting the DNS cache with attacker-specified content. This can aid in further attacks such as phishing.
The Content*Builder (C*B) application is prone to a remote file-include vulnerability due to insufficient sanitization of user-supplied data. This vulnerability can be exploited by an attacker to compromise the application and the underlying system, potentially leading to further attacks.
UebiMiau is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
DRBGuestbook is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.