The Claus Muus Spitfire application is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
This exploit targets the Arora browser and utilizes a remote memory-corruption vulnerability in Qt. By clicking on a link, the attacker can trigger the exploit, leading to the execution of arbitrary code within the application's context. In cases where the exploit fails, a denial-of-service condition will be triggered.
This exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.
The Monolith Lithtech Game Engine is prone to a memory-corruption vulnerability. An attacker can exploit this issue to cause a denial-of-service condition or execute arbitrary code within the context of the affected application. Other attacks may also be possible.
Variables $baseDir are not properly sanitized. When register_globals=on and allow_fopenurl=on an attacker can exploit this vulnerability with a simple php injection script.
The vulnerability allows a remote attacker to perform actions in the context of an authorized user's session and gain unauthorized access to the affected application. The exploit involves submitting a form with hidden fields that perform certain actions.
The vulnerability allows an attacker to execute arbitrary code in the context of the user running the affected application by tricking them into viewing a page containing malicious content.
Microsoft DirectX is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to interrupt existing sessions or crash or freeze the application that uses DirectX, resulting in denial-of-service conditions.
SnowFlake CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Sourcefabric Campsite is vulnerable to HTML injection due to inadequate input sanitization. This vulnerability allows attackers to inject and execute arbitrary HTML and script code within the context of the affected browser. Exploiting this vulnerability could lead to the theft of cookie-based authentication credentials and control over the rendering of the site to the user.