The Einfacher Passworschutz application is prone to a cross-site scripting vulnerability due to improper input sanitization. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, within the context of the affected site. This can potentially lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.
The DeskPRO application fails to properly sanitize user-supplied input, allowing attacker-supplied HTML and script code to execute in the context of the affected site. This could potentially lead to the theft of cookie-based authentication credentials or control over how the site is rendered to the user. Other attacks are also possible.
The eCardMAX HotEditor is prone to a local file inclusion vulnerability. This vulnerability occurs because the application fails to properly sanitize user-supplied input. An unauthorized user can exploit this vulnerability to view files and execute local scripts.
An attacker can inject HTML and script code into the application, allowing them to execute it in the context of the affected site. This can lead to various attacks, such as stealing authentication credentials or controlling how the site is rendered to the user.
PHP's GD extension is prone to two integer-overflow vulnerabilities because it fails to ensure that integer values aren't overrun. Successfully exploiting these issues allows attackers to crash the affected application, potentially denying service to legitimate users. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.
IBM Java is prone to a security-bypass vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploits can allow attackers to bypass filtering mechanisms; this may aid in further attacks.
The Claus Muus Spitfire application is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
This exploit targets the Arora browser and utilizes a remote memory-corruption vulnerability in Qt. By clicking on a link, the attacker can trigger the exploit, leading to the execution of arbitrary code within the application's context. In cases where the exploit fails, a denial-of-service condition will be triggered.
This exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.
The Monolith Lithtech Game Engine is prone to a memory-corruption vulnerability. An attacker can exploit this issue to cause a denial-of-service condition or execute arbitrary code within the context of the affected application. Other attacks may also be possible.
Services By CQR