Explore Vulnerabilities

Explore all Exploits:

SQL Injection vulnerability in com_virtualmoney component for Joomla!

The 'com_virtualmoney' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape

This module abuses a process creation policy in Internet Explorer's sandbox, specifically the Microsoft Remote Desktop Services Web Proxy IE one, which allows the attacker to escape Protected Mode and execute code with Medium Integrity. At the moment, this module only bypasses Protected Mode on Windows 7 SP1 and prior (32 bits). This module has been tested successfully on Windows 7 SP1 (32 bits) with IE 8 and IE 11.

ManageEngine Desktop Central 9 Add an admin user through Cross-Site Request Forgery (CSRF)

The ManageEngine Desktop Central 9 application is vulnerable to a Cross-Site Request Forgery (CSRF) attack. An authenticated application admin can be tricked into clicking a link that adds a new admin user to the application. The attacker needs to change the IP address in the code to the target server IP address.

Mangobery-0.5.5

The Mangobery 0.5.5 script is vulnerable to Remote File Inclusion (RFI) attacks in the 'boxes/quotes.php' and 'templates/mangobery/footer.sample.php' files. An attacker can exploit this vulnerability by including a malicious file from a remote server using the 'Site_Path' parameter, leading to arbitrary code execution.

SQL Injection vulnerability in Willscript Recipes website Script Silver Edition

The Willscript Recipes website Script Silver Edition is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to execute arbitrary code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Multiple Cross-Site Scripting Vulnerabilities in Online Grades

The Online Grades application fails to properly sanitize user-supplied data, resulting in multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.

SQL Injection Vulnerability in Godly Forums

The Godly Forums website is vulnerable to SQL injection attacks. This vulnerability occurs due to the lack of proper sanitization of user-supplied data before using it in SQL queries. An attacker can exploit this vulnerability to compromise the application, gain unauthorized access or modify data, and potentially exploit other vulnerabilities in the underlying database.

Cross-Site Scripting Vulnerabilities in Cyberoam UTM

Cyberoam UTM is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Cross-site scripting vulnerability in Tiki Wiki CMS Groupware

Tiki Wiki CMS Groupware is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Recent Exploits: