The SocialABC NetworX application fails to properly sanitize user-supplied input, leading to an arbitrary file-upload vulnerability and a cross-site scripting vulnerability. Attackers can exploit these vulnerabilities to steal authentication information, execute client-side scripts, upload and execute arbitrary files on the webserver, and launch other attacks.
The cPanel software is vulnerable to a cross-site request forgery (CSRF) vulnerability. By exploiting this vulnerability, an attacker can perform certain administrative actions on behalf of the victim, leading to further attacks.
The Orbis CMS is vulnerable to a cross-site scripting (XSS) vulnerability due to improper input sanitization. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
The i-Net Solution Matrimonial Script is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
Multiple Tripwire Interactive games are prone to multiple remote denial-of-service vulnerabilities because the applications fail to properly handle specially crafted network packets. An attacker can exploit these issues to cause the applications to become unresponsive or to crash the affected game servers, denying service to legitimate users.
The Miniwork Studio Canteen component for Joomla! is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can exploit the SQL-injection vulnerability to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within the context of the webserver process. Information harvested may aid in further attacks.
mod_security <= 2.1.0 is vulnerable to a bypass vulnerability where ASCIIZ bytes in POST data of the application/x-www-form-urlencoded content-type are not properly handled, allowing an attacker to bypass security rules. This vulnerability occurs due to a mismatch between the RFC-defined rules followed by mod_security and the actual behavior of HTTP request parsers in scripting languages like Perl, Python, Java, and PHP.
Freeciv is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle specially crafted network packets. An attacker can exploit these issues to cause the applications to become unresponsive or to crash the affected game servers, denying service to legitimate users.
The EDItran Communications Platform (editcp) is vulnerable to a remote buffer overflow due to insufficient input validation. Attackers can exploit this vulnerability to execute arbitrary code within the context of the application. Failed attacks may lead to a denial-of-service condition.
This vulnerability allows an attacker to leak sensitive information from memory using the substr_compare function in PHP 5. By manipulating the function parameters, an attacker can retrieve data from memory that should not be accessible. This can lead to the exposure of sensitive information such as passwords or cryptographic keys.
Services By CQR