The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
Openads (formerly known as phpAdsNew) is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Attackers can exploit this issue to gain unauthorized access. This may facilitate a compromise of the application and underlying webserver; other attacks are also possible.
Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The Lib2 PHP Library is prone to a remote file-include vulnerability due to insufficient sanitization of user-supplied data. Exploiting this vulnerability may allow an attacker to compromise the application and the underlying system. Other attacks are also possible.
The ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface. An attacker can exploit these issues to carry out cross-site request forgery, HTML-injection, and denial-of-service attacks. The exploit code provided demonstrates a cross-site request forgery attack that injects malicious HTML code into the 'sysSystemName' and 'sysDomainName' fields, potentially leading to HTML-injection attacks. Additionally, the exploit sets the 'StdioTimout' field to '0', causing a denial-of-service condition. The vulnerability is reported to affect ZyWALL 2 devices running firmware V3.62(WK.6).
Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.
WebNews is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Bilder Galerie is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The MBB CMS version <= 004 is vulnerable to Local File Inclusion (LFI) and SQL Injection (SQLi) attacks. The LFI vulnerability can be exploited by manipulating the 'mod' and 'ref' parameters in the index.php file, allowing an attacker to include arbitrary files from the server. The SQLi vulnerability can be exploited by manipulating the 'id' and 'catid' parameters in the article.php file, allowing an attacker to extract sensitive information from the database.