The Easy Estate Rental application is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. This can allow an attacker to manipulate the SQL queries and potentially compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Auto Web Toolbox is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This exploit allows an attacker to escalate their privileges and write arbitrary data in McAfee Data Loss Prevention Endpoint. The vulnerability exists in the hdlpctrl.sys driver of the software. By exploiting this vulnerability, an attacker can gain elevated privileges and potentially execute arbitrary code on the target system.
The exploit allows local attackers to escalate privileges on a system running the Linux kernel by exploiting a vulnerability in the DCCP_SOCKOPT_SEND_CSCOV option in the Datagram Congestion Control Protocol (DCCP) implementation. By sending a specially crafted request, an attacker can overwrite kernel memory, leading to privilege escalation.
Chyrp is prone to multiple cross-site scripting vulnerabilities, a local file-include vulnerability, an arbitrary file-upload vulnerability, and a directory-traversal vulnerability. An attacker may leverage these issues to execute arbitrary script code on an affected computer and in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, open or run arbitrary files in the context of the webserver process, and gain access to sensitive information.
Flowplayer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Sphider is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following example input is available: Username: ' or 0=0 # Password: ' or 0=0 #
The Xoops module Articles version 1.02 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries in the 'cat_id' parameter of the 'index.php' file. This allows the attacker to retrieve sensitive information from the database, such as usernames and passwords of Xoops users.
The Alice Modem is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability due to improper handling of user-supplied input. An attacker can exploit these vulnerabilities to cause a denial-of-service condition or execute arbitrary script code in the browser of a user visiting the affected site. Successful exploitation of the cross-site scripting vulnerability may result in the theft of cookie-based authentication credentials and enable further attacks.