Explore Vulnerabilities

Explore all Exploits:

Mbedthis AppWeb Format-String Vulnerability

Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. This issue affects only applications that were built with logging enabled and installed with no 'ErrorLog' directive in 'appweb.conf'. Successful exploits may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.

Apple Safari for Windows Protocol Handler Command-Injection Vulnerability

The vulnerability allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler. This vulnerability relies on the use of IFRAME elements and can be combined with Mozilla XPCOM components to cause further damage. Exploiting the vulnerability would allow a remote attacker to influence command options and compromise affected systems in the context of the vulnerable user.

Cross-Site Scripting Vulnerability in BBpress

The vulnerability exists due to the failure of BBpress to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting malicious scripts into a user's web browser, which can lead to the execution of arbitrary code in the context of the affected website. This can result in the theft of sensitive information, such as authentication credentials.

Multiple Vulnerabilities in Just For Fun Network Management and Monitoring System (JFFNMS)

An attacker can exploit these vulnerabilities by manipulating the SQL query logic to carry out unauthorized actions on the underlying database, access sensitive information, and obtain cookie-based authentication credentials.

Cross-Site Scripting Vulnerabilities in Beehive Forum

The Beehive Forum application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching further attacks.

PHP-Update <= 2.7 str_replace() SQL injection / privilege escalation / cmd exec ii

This exploit allows for SQL injection, privilege escalation, and command execution on PHP-Update version 2.7 and below. It works regardless of php.ini settings and against the Php-Update MySQL version with MySQL >= 4.1. The exploit takes advantage of the str_replace() function in PHP to execute arbitrary commands on the target server.

Remote Denial-of-Service Vulnerability in Packeteer PacketShaper

The web interface of Packeteer PacketShaper fails to handle unexpected requests properly, leading to a remote denial-of-service vulnerability. A remote, authenticated attacker can exploit this vulnerability to reboot affected devices, denying service to legitimate users.
