Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
SurgeFTP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in an administrator's browser session in the context of the affected site. This could potentially allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.
The DBGuestBook 1.1 script is vulnerable to Remote File Inclusion (RFI) attacks. An attacker can exploit this vulnerability by injecting a malicious file path in the 'dbs_base_path' parameter in the following URLs:
- http://SITE.com/path/includes/utils.php?dbs_base_path=[SHELL]
- http://SITE.com/path/includes/guestbook.php?dbs_base_path=[SHELL]
- http://SITE.com/path/includes/views.php?dbs_base_path=[SHELL]
By exploiting this vulnerability, the attacker can execute arbitrary code on the server.
The vulnerabilities in Zenoss allow a remote attacker to perform administrative actions, execute arbitrary commands, gain unauthorized access, or delete data through cross-site request forgery attacks. The specific exploits include modifying user settings, executing commands, and performing user commands on devices.
SystemTap is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.
An attacker can execute arbitrary script code in the browser of an unsuspecting user by exploiting the lack of proper input sanitization in TestLink. This can lead to the theft of authentication credentials and other attacks.
The Gracenote CDDBControl application is prone to a stack-based buffer-overflow vulnerability due to inadequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control, typically Internet Explorer. Failed attacks may result in denial-of-service conditions.
Zeus Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
LetoDMS (formerly known as MyDMS) is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying computer; other attacks are also possible.