VideoDB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Zen Time Tracking is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Aflam Online is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mongoose is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process, which may aid in further attacks.
JDownloader is prone to a vulnerability that lets remote attackers execute arbitrary code. Attackers can exploit this issue to execute arbitrary code within the context of the affected webserver process.
Gefest Web Home Server is prone to a remote directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
This exploit leverages a buffer overflow vulnerability in the Easy File Management Web Server v5.3. By sending a specially crafted UserID string, an attacker can overflow the buffer and execute arbitrary code.
The vulnerability allows an attacker to disclose the path of sensitive files on the server and execute arbitrary code by injecting a shell command in the 'path_to_smf' parameter in two different PHP files: 'logout.php' and 'get_session_vars.php'. This vulnerability was discovered by ThE dE@Th from the AsB-MaY DiScOvEr ExPlIoTs Gr0uP.
The vulnerability allows an attacker to crash the affected browser, resulting in a denial-of-service condition. Memory corruption or code execution might be possible, but it has not been confirmed.
The vulnerability allows an attacker to crash the affected browsers, resulting in a denial-of-service condition. Memory corruption or code execution may be possible but has not been confirmed.