The Doom 3 engine is prone to a format-string vulnerability. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed attacks will likely cause denial-of-service conditions. Several games that use the Doom 3 engine are affected, including Doom 3, Quake 4, and Prey.
This exploit allows an attacker to include remote files in a vulnerable CGI script. By manipulating the 'Name' parameter, an attacker can include arbitrary files from a remote server. This can lead to remote code execution or information disclosure.
ASP Product Catalog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
FSD is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
FSD is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Multiple SQL-injection vulnerabilities in Ohesa Emlak Portal allow remote attackers to execute arbitrary SQL commands via the Emlak parameter in (1) detay.asp, (2) emlak.asp, (3) emlak_detay.asp, (4) emlak_ara.asp, and (5) emlak_ara_detay.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Ohesa Emlak Portal is prone to multiple SQL-injection vulnerabilities because it fails to adequately sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Netkamp Emlak Scripti is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and an SQL-injection issue, because the application fails to sanitize user-supplied input. A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The vulnerability allows attackers to gain access to the contents of arbitrary files by exploiting a design error in the handling of form fields in Microsoft Internet Explorer. An attacker can use a specially crafted script to manipulate the behavior of the file input field and access the contents of files on the victim's system.
Novus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Services By CQR