The Barracuda Message Archiver is vulnerable to a persistent input validation vulnerability. This allows remote authenticated attackers to inject malicious scripts into the application, potentially leading to cross-site scripting (XSS) attacks. This vulnerability can be exploited by sending specially crafted input to the affected application. Successful exploitation can result in the execution of arbitrary HTML or JavaScript code in the context of the user's browser.
This exploit allows an attacker to perform a BLIND SQL Injection attack on the AJ Classifieds 1.0 application through the 'postingdetails.php' file. The exploit retrieves the passwords from the 'mysql.user' table.
This exploit is for Solaris 2.4 and allows the modification of the stack offset. It uses a buffer overflow to execute arbitrary code.
CuteSITE CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PonVFTP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following example data is available: password: 'or' 1=1
Aqua Real Screensaver is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed attacks will cause denial-of-service conditions.
Battlefield 2 and Battlefield 2142 are prone to multiple remote denial-of-service vulnerabilities due to improper handling of specially crafted network packets. An attacker can exploit these vulnerabilities to cause the applications to become unresponsive or crash the affected game servers, resulting in a denial of service for legitimate users.
JForum is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The Pay Per Minute Video Chat Script is vulnerable to SQL injection and multiple cross-site scripting (XSS) attacks. The application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary SQL queries or inject malicious scripts into web pages.
This is a remote blind SQL injection exploit for AJDating 1.0 in the view_profile.php file. It allows an attacker to extract the username and password from the admin table.
Services By CQR