The 60cycleCMS is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The Friendly Technologies TR-069 ACS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, gain administrator access, access or modify data, or exploit latent vulnerabilities in the underlying database.
Max Network Technology BBSMAX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This is a Perl script that exploits a remote file inclusion vulnerability in the phpBB Module NoMoKeTos Rules 0.0.1. It allows an attacker to include a remote file and execute arbitrary commands on the target server.
IBM ENOVIA SmarTeam is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The wh-em.com upload application fails to adequately verify user-supplied input used for cookie-based authentication, allowing attackers to gain administrative access to the affected application.
libodm allows privilege escalation via arbitrary file writes with elevated privileges (utilising SetGID and SetUID programs). A new file /etc/pwned is created with permissions of rw-rw-rw.
OpenCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The KDPics application is prone to an authentication bypass vulnerability that allows an attacker to add an administrative user. This vulnerability is due to inadequate access control mechanisms in the application. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. Successful exploitation of this vulnerability could allow the attacker to compromise the application and the underlying computer. Other attacks are also possible.
ASPCode CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.