Apple WebCore is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may exploit this issue by enticing victims into visiting a malicious website. The attacker may leverage this issue to execute arbitrary script code in an application using the affected framework (typically Safari). This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The 'mod_forum' component for Joomla and Mambo is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to access the underlying system.
eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database.
This exploit targets the Ingres Database Server included in CA eTrust Secure Content Manager, which is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file.
NetClassifieds is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues and cross-site scripting issues. A successful exploit may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can be used to steal authentication credentials and launch further attacks.
PHP Accounts is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The PHP Accounts application is prone to a local file-include vulnerability. This vulnerability occurs due to a failure in properly sanitizing user-supplied input. By exploiting this vulnerability, an unauthorized user can view files and execute local scripts.
This exploit targets a remote code execution vulnerability in Microsoft ASN.1. It is specifically for CVE-2005-1935, also known as MS04-007. The exploit allows an attacker to execute arbitrary code on a vulnerable system.