Wiccle Web Builder CMS and iWiccle CMS Community Builder are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The Creative Guestbook 1.0 portal allows an attacker to add a remote admin user and perform cross-site scripting attacks. The portal can be downloaded from http://www.thecreativeheads.de/CreativeFiles/downloads.php. The vulnerability can be exploited by inserting malicious scripts in the Guestbook.php file. An example script is <script> alert (' dj7xpl ^_^ ') </script>.
The vulnerability in Microsoft Windows Mobile allows an attacker to crash a device running Windows Mobile, thereby denying service to legitimate users. It is also possible for the attacker to run arbitrary code, although this has not been confirmed.
The SQL injection vulnerability in 4Site CMS allows an attacker to execute unauthorized actions on the database, potentially compromising the application and facilitating further attacks.
sNews is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The vulnerability allows an attacker to execute arbitrary code in the context of the user running an affected application. It occurs due to inadequate validation of user-supplied data in Mozilla Firefox, Thunderbird, and SeaMonkey.
This is a proof-of-concept exploit for a local buffer overflow vulnerability in PHP versions <= 4.4.6. The vulnerability exists in the ibase_connect() and ibase_pconnect() functions. The exploit targets Windows 2000 SP3 EN and utilizes an SEH overwrite technique. The exploit was created by rgod.
An attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users.
The VLC media player is prone to a remote code-execution vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
An attacker can exploit this vulnerability by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.