ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PikaCMS is prone to multiple local file-disclosure vulnerabilities because it fails to adequately validate user-supplied input. Exploiting these vulnerabilities may allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
TEDE Simplificado is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This exploit allows an attacker to execute arbitrary code by exploiting a buffer overflow vulnerability in T-Mobile Internet Manager software for Windows. The vulnerability occurs in the handling of the UpdateCfg.ini file, which can be exploited by copying a specially crafted file to the program's installation directory and triggering an update.
The User Profile Service in Windows 8.1 Update 32/64 bit has a bug in the way it handles impersonation. When a user logs in, certain resources in the profile are created under the user's token, but then changes to impersonating Local System, which can lead to privilege escalation. Some identified issues include recursive directory creation and creation of the temporary folder for the user under system privileges.
The 'libxml2' library is prone to multiple memory-corruption vulnerabilities, including one that can trigger a heap-based buffer-overflow error and an integer-overflow condition. An attacker can exploit these issues by enticing an unsuspecting user into opening a specially crafted XML file that contains a malicious XPath. A successful attack can allow attacker-supplied code to run in the context of the application using the vulnerable library or can cause a denial-of-service condition.
This exploit allows an attacker to execute arbitrary code on a remote IceBB 1.0-rc5 installation. The attacker needs to register a user and then run the exploit with the specified parameters. After successful execution, the attacker can login with admin access.
This vulnerability allows an attacker to execute arbitrary code by enticing a legitimate user to open a specially crafted Dynamic Linked Library (DLL) file from a network share location using the vulnerable Microsoft Windows Live Messenger application.
The vulnerability exists due to insufficient sanitization of user-supplied data in Kentico CMS. An attacker can exploit this issue by injecting arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Services By CQR