eTAWASOL is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
An attacker may obtain sensitive information, cause a denial-of-service condition, or bypass security restrictions by sending specially crafted HTTP POST requests.
There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it. When an exception occurs, ClearSCADA enters "Safe Mode", which exposes its diagnostic functions to remote users without requiring a valid login. A remote attacker could view sensitive information and possibly modify functions of the server running on the affected host.
The Paliz Portal application is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability. These vulnerabilities occur because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials, control the rendering of the site, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The 'com_jr_tfb' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
The iMesh application is prone to a buffer overflow vulnerability due to inadequate boundary checks on user-supplied data. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code in the context of the application using an affected ActiveX control, typically in Internet Explorer. Failed exploit attempts may result in denial-of-service conditions.
This exploit allows remote attackers to include and execute arbitrary files on a vulnerable web server. The vulnerability exists because the application does not properly sanitize user-supplied input in the 'path[JavascriptEdit]' parameter. An attacker can exploit this vulnerability to include a remote file containing malicious PHP code and execute it on the target system.
The NetBSD operating system is prone to a stack-based buffer-overflow vulnerability affecting multiple functions in the 'libc/net' library. Successful exploits may allow an attacker to execute arbitrary code in the context of the application using the affected library. Failed exploit attempts will result in a denial-of-service condition.
An attacker can exploit this issue to gain elevated privileges and execute arbitrary code with root privileges. Successfully exploiting this issue will result in a complete compromise of the affected system.
The jclassifiedsmanager component is vulnerable to SQL Injection and XSS attacks. The 'id' parameter in the 'displayads' task is not sanitized, allowing an attacker to inject malicious SQL code. The 'view' parameter in the 'displayads' task is also not sanitized, allowing an attacker to inject arbitrary JavaScript code.