Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The application fails to properly sanitize user-supplied input before using it in an SQL query, leading to multiple SQL-injection vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The 'com_virtualmoney' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This module abuses a process creation policy in Internet Explorer's sandbox, specifically the Microsoft Remote Desktop Services Web Proxy IE one, which allows the attacker to escape the Protected Mode, and execute code with Medium Integrity. At the moment, this module only bypass Protected Mode on Windows 7 SP1 and prior (32 bits). This module has been tested successfully on Windows 7 SP1 (32 bits) with IE 8 and IE 11.
The ManageEngine Desktop Central 9 application is vulnerable to a Cross-Site Request Forgery (CSRF) attack. An authenticated application admin can be tricked into clicking a link that adds a new admin user to the application. The attacker needs to change the IP address in the code to the target server IP address.
The Mangobery 0.5.5 script is vulnerable to Remote File Inclusion (RFI) attacks in the 'boxes/quotes.php' and 'templates/mangobery/footer.sample.php' files. An attacker can exploit this vulnerability by including a malicious file from a remote server using the 'Site_Path' parameter, leading to arbitrary code execution.
The Willscript Recipes website Script Silver Edition is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to execute arbitrary code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Online Grades application fails to properly sanitize user-supplied data, resulting in multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.