The Oracle E-Business Suite Financials is vulnerable to SQL injection due to inadequate sanitization of user-supplied data before using it in an SQL query. This vulnerability can be exploited by an attacker to compromise the application, gain unauthorized access or modify data, and potentially exploit other vulnerabilities in the underlying database.
Mocha W32 LPD is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
AneCMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
The vulnerability in Vana CMS allows attackers to download arbitrary files by exploiting the application's failure to properly sanitize user-supplied input. By manipulating the 'filename' parameter in the 'download.php' script, an attacker can view arbitrary files within the application's context, potentially gathering sensitive information that can be used for further attacks.
The Blog System is prone to multiple input-validation vulnerabilities including local file-include, SQL-injection, and cross-site-scripting issues. These vulnerabilities can be exploited to steal authentication credentials, view local files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
The TANDBERG Video Communication Server is prone to multiple remote vulnerabilities. These include a file-disclosure vulnerability, a security vulnerability that may allow attackers to conduct server impersonation and man-in-middle attacks, and an authentication-bypass vulnerability. An attacker can exploit these issues to gain unauthorized access to the affected device and sensitive information. Other attacks are also possible.
This exploit allows for the overwrite of specific kernel addresses to elevate privileges. It requires a deep understanding of the Plan9 kernel and careful execution. The process involves determining the user and hostowner, overwriting kernel addresses, writing the username to '#c/hostowner', stealing credentials, resetting overwritten functions, and restoring the original username.
The WinSoftMagic Photo Editor is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
The Istgah for Centerhost is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting arbitrary script code into the browser of a victim user, within the context of the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.
TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code. An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver.
Services By CQR