The Linux client that is utilized by versions prior to 6.05 of the Nortel SSL VPN appliance suffers from a number of problems that, in combination, allow an unprivileged local user to obtain root privileges. This particular bug is a race condition in the client's execution process, combined with insecure file permissions, which can be exploited to gain root access. The risk arises if there are untrusted accounts on the machine used to access the Nortel VPN, as those accounts can easily gain local root access.
The Sun Java System Web Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
The Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer.
The PHPMySpace Gold application is vulnerable to an SQL injection vulnerability. This occurs due to the lack of proper sanitization of user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit other latent vulnerabilities in the underlying database.
VisualShapers ezContents is prone to an authentication-bypass vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This is a Proof of Concept exploit for the Nabopoll Blind SQL Injection vulnerability. The exploit allows an attacker to extract the MySQL user by manipulating the 'surv' parameter in the 'result.php' page. The exploit iterates through ASCII values of characters to extract the user one character at a time.
The EasySiteNetwork Jokes Complete Website is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
Services By CQR