The Forum Livre 1.0 application is vulnerable to SQL injection and cross-site scripting (XSS) attacks. The SQL injection vulnerability can be exploited by modifying the 'user' parameter in the 'info_user.asp' page. The XSS vulnerability can be exploited by injecting malicious code into the 'palavra' parameter in the 'busca2.asp' page.
The vulnerability exists in the print.asp file of the GPS 1.2 Content Managing System, allowing an attacker to inject SQL queries through the 'id' parameter. This can lead to unauthorized access and retrieval of sensitive information from the userdb table.
The vulnerability allows an attacker to inject SQL queries into the 'uid' parameter of the 'news_page.asp' page. By manipulating the SQL query, an attacker can potentially extract sensitive information from the database.
The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows. Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks.
Bound error occurs when parsing Palette Record and it causes Heap Overflow. The attack vector is through arbitrary data overwrite to the heap. The result of the heap overflow is denial of service (DOS). The pyExcelerator module needs to be modified to prevent the generation of Palette Record.
The Xero Portal v1.2 script is vulnerable to a Local File Include vulnerability. By manipulating the 'phpbb_root_path' parameter in various admin pages, an attacker can include arbitrary files from a remote server.
The S.T.A.L.K.E.R. game servers are prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions when processing user nicknames. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.
This exploit allows an attacker to execute arbitrary commands on a target system by manipulating the MODULES_DIR parameter in the main.php script of the vHostAdmin application.
The Private Camera Pro v5.0 iOS app is vulnerable to multiple web vulnerabilities, allowing unauthorized access to photos and videos, and potential privacy breaches. The app supports taking photos and recording videos, password lock protection, and sharing photos. However, these vulnerabilities can be exploited to bypass the password lock and gain access to the user's private content. Additionally, the app's web access feature allows for the uploading of photos from a computer to the app, which can be abused by an attacker to upload malicious content. These vulnerabilities pose a high risk to user privacy and security.
This exploit targets Explorer.exe version 6.0.2900.2180 using a specially crafted .avi file. It causes a denial of service by crashing the Explorer.exe process.
Services By CQR