The Controller component for Joomla! is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The iPhotoAlbum v1.1 script is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file through the 'set_menu' parameter in the 'header.php' file. This can lead to arbitrary code execution.
The Juicy Gallery component for Joomla! is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The 'Foto' component for Joomla! is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The Easy Estate Rental application is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. This can allow an attacker to manipulate the SQL queries and potentially compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Auto Web Toolbox is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This exploit allows an attacker to escalate their privileges and write arbitrary data in McAfee Data Loss Prevention Endpoint. The vulnerability exists in the hdlpctrl.sys driver of the software. By exploiting this vulnerability, an attacker can gain elevated privileges and potentially execute arbitrary code on the target system.
The exploit allows local attackers to escalate privileges on a system running the Linux kernel by exploiting a vulnerability in the DCCP_SOCKOPT_SEND_CSCOV option in the Datagram Congestion Control Protocol (DCCP) implementation. By sending a specially crafted request, an attacker can overwrite kernel memory, leading to privilege escalation.
Chyrp is prone to multiple cross-site scripting vulnerabilities, a local file-include vulnerability, an arbitrary file-upload vulnerability, and a directory-traversal vulnerability. An attacker may leverage these issues to execute arbitrary script code on an affected computer and in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, open or run arbitrary files in the context of the webserver process, and gain access to sensitive information.