The WF-Quote module for the Xoops CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
An attacker can exploit this issue to potentially execute arbitrary code with the privileges of the user running the affected application. This issue requires an attacker to trick an unsuspecting victim into running the vulnerable application in an attacker-controlled directory.
PHP Content Architect is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Sienzo Digital Music Mentor is prone to multiple stack-based buffer-overflow vulnerabilities because the software fails to adequately check boundaries on data supplied to multiple ActiveX control methods. An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.
The vulnerability exists due to the application's failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting arbitrary script code into the browser of a user visiting the affected site. This can lead to information theft and other malicious activities.
The vulnerability allows attackers to execute arbitrary JavaScript code in the context of the Safari application.
The D-Link DSL-G624T router is prone to a cross-site scripting vulnerability. The issue occurs due to a failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, within the context of the affected site. This can potentially lead to the theft of cookie-based authentication credentials and facilitate other malicious activities.
WebSpeed is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. Successful exploits can allow attackers to cause the application to become unresponsive, denying service to legitimate users.
Atomix MP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue by enticing a victim to load a malicious MP3 file. If successful, the attacker can execute arbitrary code in the context of the affected application.
CMS Made Simple is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.