Perl is prone to a security-bypass weakness that occurs when laundering tainted input. Attackers can leverage this issue to bypass security checks in perl applications that rely on TAINT mode protection functionality. This opens such applications up to potential attacks that take advantage of the software's failure to properly sanitize user-supplied input.
The vulnerability allows attackers to execute arbitrary code in the context of the application and cause denial-of-service conditions.
The MoviePlay software is prone to a buffer-overflow vulnerability due to a lack of adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the application, leading to denial-of-service conditions if the attack fails.
Collabtive is prone to multiple remote input-validation vulnerabilities including cross-site scripting, HTML-injection, and directory-traversal issues. Attackers can exploit these issues to obtain sensitive information, execute arbitrary script code, and steal cookie-based authentication credentials.
Various device drivers in the Linux kernel do not properly pad Ethernet frames with NULLs, leading to information disclosure of sensitive kernel memory.
InTerra Blog Machine is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
ICJobSite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This exploits a buffer overflow in dproxy version 0.1 to 0.5.
The 'condition' parameter in the 'getDropdownValue.php' file is not properly escaped, leading to a Blind SQL Injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary SQL queries on the database.
GuppY is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Services By CQR