Explore Vulnerabilities

Explore all Exploits:

Kleophatra CMS XSS Vulnerability

Kleophatra CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Directory Traversal Vulnerability in HTTP Application

The HTTP application is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver. Information harvested may aid in launching further attacks.

WordPress TimThumb 2.8.13 WebShot Remote Code Execution (0-day)

TimThumb is a small PHP script for cropping, zooming and resizing web images (jpg, png, gif). It is used in many WordPress themes and plugins. The vulnerability allows an attacker to execute arbitrary code on the affected website by manipulating the 'webshot' parameter in the 'timthumb.php' file. The payload for the exploit must be within specific character sets. The vulnerability affects multiple themes and plugins, including Wordpress Gallery Plugin and IGIT Posts Slider Widget.

XM Easy Personal FTP Server 5.3.0 Multiple vulnerabilities

Multiple format string attacks and buffer overflow vulnerabilities exist in XM Easy Personal FTP Server version 5.3.0. These vulnerabilities can be exploited to crash the server and potentially execute code. Every command in the server is vulnerable to these attacks. It is recommended to use a custom fuzzer to fuzz the server for better results.

WinMount Remote Buffer Overflow Vulnerability

WinMount is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

netkar-PRO Remote Stack-based Buffer Overflow Vulnerability

netkar-PRO is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check messages before copying them to an insufficiently sized memory buffer. Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the user running the application.

HTTP File Server Multiple Vulnerabilities

The vulnerabilities in HTTP File Server allow an attacker to download files from restricted directories or cause denial-of-service conditions. By accessing a specially crafted URL, an attacker can bypass security measures and download files from protected folders within the application's context. Additionally, the application is vulnerable to a denial-of-service attack triggered by a malformed search parameter.

Recent Exploits: