The application fails to properly sanitize user-supplied input, which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user. This can lead to the theft of cookie-based authentication credentials and enable other malicious activities.
osCSS is prone to a cross-site scripting vulnerability and multiple local file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the webserver process.
Claroline is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The Philex 0.2.3 version has vulnerabilities that allow remote file disclosure and remote file include. The exploit for remote file include can be triggered by accessing the header.inc.php file with the parameter CssFile set to 'Shell'. The exploit for remote file disclosure can be triggered by accessing the download.php file with the parameter file set to 'conf.inc.php'.
webEdition CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.
The Humhub social networking kit versions 0.10.0-rc.1 and prior suffer from an SQL injection vulnerability, which allows an attacker to obtain backend database access. The vulnerability is in the notification listing functionality in the actionIndex() function located in "/protected/modules_core/notification/controllers/ListController.php". The vulnerability occurs due to a check performed on the unsanitized $lastEntryId variable (fetched from the 'from' GET parameter) to see if it is greater than 0. However, since PHP uses type-unstrict comparisons and $lastEntryId isn't guaranteed to be an integer, an attacker can prefix their string of choice with any number of integers to inject SQL code into the $criteria->condition parameter.
This vulnerability allows an attacker to perform a SQL injection attack on the Active Auction script. By manipulating the 'catid' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database. The specific SQL injection payload is 'catid=-1+union+select+0,adminname,2+from+admins%20where%20adminid=1' for the username and 'catid=-1+union+select+0,password,2+from+admins%20where%20adminid=1' for the password.
FLVPlayer4Free is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
DivX Player is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
This exploit allows an attacker to inject HTML code into a Flat Calendar v1.1 application, potentially leading to cross-site scripting (XSS) attacks.
Services By CQR