The MOJO IWMS application fails to properly sanitize user-supplied data, which can be exploited by an attacker to manipulate cookies and masquerade as another user. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.
An attacker can exploit this issue to crash the affected server, resulting in denial-of-service conditions.
The DOS Snort Inline exploit affects versions 2.6.1.1, 2.6.1.2, and 2.7.0(beta) of Snort Inline. It requires Frag3 to be enabled, Inline to be enabled, Linux as the operating system, and ip_conntrack to be disabled. The exploit triggers a segfault by supplying an offset that causes reassembly for different snort fragmentation reassembly policies. The first packet is hardcoded with a 70-74 offset.
Pligg is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Pixie is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage the issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
Gekko Web Builder is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
This exploit takes advantage of a stack based buffer overflow vulnerability in BlazeDVD Pro v7.0. By sending a specially crafted .plf file, an attacker can overwrite the return address and gain control of the program flow. This exploit bypasses ALSR and DEP protections on Windows 8.1 Pro.
This exploit targets the Rediff Toolbar ActiveX Control and can be used to trigger a remote Denial of Service (DoS) attack. The vulnerability exists in the control's implementation, allowing an attacker to send a specially crafted request that can cause the control to crash or become unresponsive.
The FestOS application is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
DSite CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Services By CQR