Explore Vulnerabilities

Explore all Exploits:

Local File Inclusion Vulnerability in Saskia’s Shopsystem

Saskia's Shopsystem is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

Cross-Site Scripting Vulnerability in Spectrum Software WebManager CMS

The Spectrum Software WebManager CMS is vulnerable to a cross-site scripting (XSS) attack due to insufficient input sanitization. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected website, potentially compromising the user's browser. This can lead to the theft of authentication credentials and enable further malicious activities.

Buffer Overflow Vulnerability in VLC Media Player

The VLC Media Player is prone to a buffer-overflow vulnerability due to inadequate boundary checks on user-supplied data. Attackers can exploit this vulnerability to execute arbitrary code in the context of the application. Failed attacks may cause denial-of-service conditions.

BS.Player Buffer Overflow Vulnerability

The BS.Player software is prone to a buffer-overflow vulnerability due to insufficient boundary checks on user-supplied data. This vulnerability can be exploited by attackers to execute arbitrary code within the context of the application. Failed attacks may result in denial-of-service conditions.

J. River Media Jukebox Remote Heap-based Buffer Overflow Vulnerability

J. River Media Jukebox is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit

This exploit allows an attacker to perform a blind SQL injection attack on Coppermine Photo Gallery version 1.3.x. By adding a favorite picture and accessing the site with the /addfav.php?pid=2 URL, the attacker can exploit a vulnerability in the code to extract the username and password from the database. The specific line of code that is vulnerable depends on the language used.

Natychmiast CMS Multiple Cross-Site Scripting and SQL-Injection Vulnerabilities

The Natychmiast CMS is prone to multiple cross-site scripting and SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

NULL-pointer dereference vulnerability in FreeBSD and OpenBSD ftpd service

The FreeBSD and OpenBSD 'ftpd' service is prone to a denial-of-service vulnerability because of a NULL-pointer dereference. Successful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Recent Exploits: