Caucho Resin Professional is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Shopzilla Affiliate Script PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This module exploits a stack-based buffer overflow on Yokogawa CS3000. The vulnerability exists in the BKFSim_vhfd.exe service, which handles user-controlled data insecurely when creating logs with functions such as vsprintf and memcpy. This module has been tested successfully on Yokogawa Centum CS3000 R3.08.50 over Windows XP SP3.
The Percha components for Joomla are prone to multiple local file-include vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to obtain sensitive information and execute arbitrary local scripts in the context of the webserver process, potentially compromising the application and the computer. Other attacks are also possible.
TeamViewer is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
The Linux Kernel is prone to a security-bypass vulnerability that affects the Btrfs filesystem implementation. An attacker can exploit this issue to clone a file only open for writing. This may allow attackers to obtain sensitive data or launch further attacks.
Serialsystem is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This exploit allows remote SQL injection in webSPELL version 4.01.02. The vulnerability exists in multiple files, including awards.php, clanwars_details.php, demos.php, profile.php, links.php, faq.php, articles.php, news_comments.php, and cash_box.php. The exploit targets specific variables in each file, allowing an attacker to inject malicious code. The solution for this vulnerability is to install the security fix.
This is a remote exploit for the hole in the imap daemon for Linux. It adds a line root::0:0.. at the beginning of /etc/passwd or /etc/shadow, depending on the need. The code needs to be self-modifying since imapd turns everything to lowercase before pushing it on the stack. The problem is that it overwrites the first line of passwd/shadow, causing the loss of the root password.
This exploit allows an attacker to execute arbitrary commands on a remote server running Webfroot Shoutbox version 2.32 or below. The exploit sends a specially crafted GET request to the shoutbox.php file, which allows the attacker to execute commands on the server.