Data 1 Systems UltraBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The application fails to properly sanitize user-supplied input, leading to multiple XSS vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching further attacks.
The Interspire Knowledge Manager is prone to multiple vulnerabilities including SQL injection, cross-site scripting (XSS), and information disclosure vulnerabilities. Exploiting these vulnerabilities could allow an attacker to obtain sensitive information, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Microsoft Windows TCP/IP protocol implementation is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
NtFilterToken() in Microsoft Windows kernel is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges, resulting in the complete compromise of affected computers. Failed exploit attempts will cause a denial of service.
Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate users.
The AutartiTarot component for Joomla! is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
This module exploits a remote command execution vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.2.0. The bug is found in the REST API, which requires no authentication or authorization, where the search function allows dynamic scripts execution, and can be used for remote attackers to execute arbitrary Java code. This module has been tested successfully on ElasticSearch 1.1.1 on Ubuntu Server 12.04 and Windows XP SP3.
The 'com_gambling' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The vulnerability allows an attacker to remotely trigger a denial-of-service condition in IBM DB2 by sending a specific sequence of bytes. This causes the application to crash, resulting in a denial of service for legitimate users.
Services By CQR