IBM ENOVIA SmarTeam is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The wh-em.com upload application fails to adequately verify user-supplied input used for cookie-based authentication, allowing attackers to gain administrative access to the affected application.
libodm allows privilege escalation via arbitrary file writes with elevated privileges (utilising SetGID and SetUID programs). A new file /etc/pwned is created with permissions of rw-rw-rw.
OpenCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The KDPics application is prone to an authentication bypass vulnerability that allows an attacker to add an administrative user. This vulnerability is due to inadequate access control mechanisms in the application. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. Successful exploitation of this vulnerability could allow the attacker to compromise the application and the underlying computer. Other attacks are also possible.
ASPCode CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Max Network Technology BBSMAX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Pre E-Learning Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The vulnerability allows remote attackers to cause a denial-of-service (DoS) condition on vulnerable Windows applications by sending a specially crafted '.ani' file. When the file is processed, it causes the affected applications to crash or become unresponsive, resulting in a denial of service for legitimate users.
phpCOIN is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
Services By CQR