The ecoCMS web application is prone to a cross-site scripting vulnerability. This vulnerability occurs due to the application's failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site, which will then be executed in the context of unsuspecting users' browsers. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.
The RealVNC Viewer is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
The SamaGraph CMS is prone to an SQL-injection vulnerability. This vulnerability occurs because the application does not sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability by injecting malicious SQL statements into the affected application, potentially allowing them to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CH-CMS.ch is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
The IslamSound application is prone to multiple remote SQL injection vulnerabilities. These vulnerabilities can be exploited by sending specially crafted requests to the affected application. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The vulnerability allows an attacker to execute arbitrary code in the context of the PHP process. Failed exploit attempts result in a denial-of-service condition.
This exploit allows an attacker to cause a denial of service by sending a specially crafted request to the vulnerable application. The vulnerability exists in the "Resize" method of the DivX Web Player 1.3.0 (npdivx32.dll) plugin. By providing large values for the arguments of the "Resize" method, an attacker can cause the application to crash due to an access violation error.
NolaPro Enterprise is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CF Image Hosting Script is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
The Billwerx application is prone to an SQL-injection vulnerability due to insufficient sanitization of user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.