DBSite wb CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Viennabux Beta! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An authenticated attacker can exploit this issue by sending specially crafted ticket-renewal requests to a vulnerable computer. Successfully exploiting this issue can allow the attacker to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial-of-service condition.
The Two-Step External Link module for vBulletin is vulnerable to a cross-site scripting (XSS) attack. This vulnerability occurs due to the application's failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting arbitrary script code into the 'url' parameter of the 'externalredirect.php' script. When an unsuspecting user visits the affected site and clicks on the malicious link, the injected script code will execute in their browser, allowing the attacker to steal their cookie-based authentication credentials and potentially launch further attacks.
Kleophatra CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The HTTP application is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver. Information harvested may aid in launching further attacks.
TimThumb is a small PHP script for cropping, zooming and resizing web images (jpg, png, gif). It is used in many WordPress themes and plugins. The vulnerability allows an attacker to execute arbitrary code on the affected website by manipulating the 'webshot' parameter in the 'timthumb.php' file. The payload for the exploit must be within specific character sets. The vulnerability affects multiple themes and plugins, including WordPress Gallery Plugin and IGIT Posts Slider Widget.
An attacker can exploit this issue to cause the application to allocate a large amount of memory, hanging or crashing the application.
Multiple format string attacks and buffer overflow vulnerabilities exist in XM Easy Personal FTP Server version 5.3.0. These vulnerabilities can be exploited to crash the server and potentially execute code. Every command in the server is vulnerable to these attacks. It is recommended to use a custom fuzzer to fuzz the server for better results.
WinMount is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.