phpwcms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Spitfire is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
The TFTPDWIN Server v0.4.2 is vulnerable to an attack where a remote or local attacker can execute arbitrary commands or cause a denial of service by sending a UDP packet of length more than 516 bytes.
The Juniper Networks SA2000 SSL VPN appliance is vulnerable to a cross-site scripting (XSS) attack due to a failure in properly sanitizing user-supplied input in its web interface. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious activities.
The 'Solaris Management Console' subcomponent of Oracle Solaris creates temporary files in an insecure manner. An attacker with local access can exploit this issue to overwrite arbitrary files, leading to denial-of-service conditions or aiding in other attacks.
A local attacker can exploit this issue to overwrite arbitrary files with the privileges of the affected process, resulting in denial-of-service conditions and other possible attacks.
This vulnerability in Oracle WebLogic Server can be exploited over the HTTP protocol. The attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges for the exploit to succeed. By sending specially crafted requests, an attacker can execute arbitrary code on the affected server.
A local attacker can exploit this issue to overwrite arbitrary files with the privileges of the affected process. This will likely result in denial-of-service conditions, other attacks may also be possible.
The Oracle Business Process Management is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.
This is a proof of concept exploit for the crack_opendict() function in PHP 4.4.6. It demonstrates a local buffer overflow vulnerability, using the win2k sp3 version with the SEH overwrite method. The exploit is designed to be launched from the command line.
Services By CQR