Wikiwig is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Monkey's Audio is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
SugarCRM is prone to an information-disclosure vulnerability because it fails to restrict access to certain application data. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
This exploit allows attackers to crash the VLC Media Player application, denying service to legitimate users. The exploit involves creating a specially crafted APE file and opening it with VLC Media Player 1.0.5, causing the application to crash.
This vulnerability allows an attacker to perform SQL injection by manipulating the 'eventid' parameter in the 'calendar.asp' page. The example exploit provided demonstrates the use of a union-based SQL injection technique to retrieve sensitive information from the database.
The Pixie application contains multiple SQL injection vulnerabilities. They occur because the application does not properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Pixie is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The LMS <= 1.8.9 Vala script is vulnerable to remote file inclusion attacks. An attacker can exploit the vulnerabilities by injecting malicious code into the userpanel_dir and _LIB_DIR parameters. This can lead to arbitrary code execution and unauthorized access to sensitive information.
The Windows Movie Maker application fails to perform adequate boundary checks on user-supplied data, leading to a stack-based buffer-overflow vulnerability. This vulnerability can be exploited to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
The OpenLDAP server is vulnerable to a remote denial-of-service attack. The vulnerability is triggered by sending a specially crafted 'modify relative distinguished name' (modrdn) command. Attackers can exploit this vulnerability to crash the 'slapd' server, causing a denial of service for legitimate users.