The XOOPS application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the context of the affected site, potentially stealing authentication credentials and launching further attacks.
The Rating-Widget plugin is prone to multiple cross-site scripting vulnerabilities due to inadequate input sanitization. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a targeted user, potentially leading to the theft of authentication credentials and other malicious activities.
The AplikaMedia CMS is vulnerable to an SQL-injection attack due to inadequate input sanitization in an SQL query.
0irc-client v1345 build 20060823 suffers from a NULL pointer dereferencing bug. By sending a specially crafted request, an attacker can cause a denial of service (DoS) condition on the target system.
Wikiwig is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Monkey's Audio is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
SugarCRM is prone to an information-disclosure vulnerability because it fails to restrict access to certain application data. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
This exploit allows attackers to crash the VLC Media Player application, denying service to legitimate users. The exploit involves creating a specially crafted APE file and opening it with VLC Media Player 1.0.5, causing the application to crash.
This vulnerability allows an attacker to perform SQL injection by manipulating the 'eventid' parameter in the 'calendar.asp' page. The example exploit provided demonstrates the use of a union-based SQL injection technique to retrieve sensitive information from the database.
The Pixie application is vulnerable to multiple SQL injection vulnerabilities. These vulnerabilities occur because the application does not properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.