Flowplayer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Sphider is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following example input is available: Username: ' or 0=0 # Password: ' or 0=0 #
The Xoops module Articles version 1.02 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries in the 'cat_id' parameter of the 'index.php' file. This allows the attacker to retrieve sensitive information from the database, such as usernames and passwords of Xoops users.
The Alice Modem is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability due to improper handling of user-supplied input. An attacker can exploit these vulnerabilities to cause a denial-of-service condition or execute arbitrary script code in the browser of a user visiting the affected site. Successful exploitation of the cross-site scripting vulnerability may result in the theft of cookie-based authentication credentials and enable further attacks.
ICMusic is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Prontus CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Proof-of-concept exploit for a stack-based overflow in Corel WordPerfect X3. The vulnerability can be exploited by tricking a user into opening a specially crafted document.
The 'com_voj' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Pro Softnet IDrive Online Backup ActiveX control is prone to a vulnerability that allows attackers to overwrite files with arbitrary, attacker-controlled content. An attacker can exploit this issue to corrupt and overwrite arbitrary files on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). The provided HTML code demonstrates an example of the exploit.
The Classified Script is vulnerable to a cross-site scripting (XSS) attack due to inadequate sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other malicious activities.