PHPWind is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The SQL injection vulnerability and cross-site scripting vulnerability in Kempt SiteDone could allow an attacker to steal authentication credentials, control site rendering, compromise the application, access or modify data, or exploit other vulnerabilities in the database.
The Xilisoft Video Converter application fails to perform adequate boundary checks on user-supplied input, leading to a stack-based buffer overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
IBM Lotus Notes is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are possible.
The application fails to sufficiently sanitize user-supplied data before using it in an SQL query, leading to SQL injection vulnerabilities. An attacker can exploit this to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
phpBB2 Plus is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The 'com_alert' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This exploit allows an attacker to grant or revoke dba permission to an unprivileged user in Oracle DBMS_METADATA.GET_DDL. It uses an 'evil cursor injection' technique and does not require 'create procedure' privilege. The exploit has been tested on Oracle Database 10g Enterprise Edition Release 10.1.0.3.0. The exploit script is provided in Perl.
This module is able to predict the next session cookie value issued by the DHOST web service of Novell eDirectory 8.8.5. An attacker can run this module, wait until the real administrator logs in, then specify the predicted cookie value to hijack their session.
The 'com_as' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.