A vulnerability within Microsoft Bluetooth Personal Area Networking module, BthPan.sys, can allow an attacker to inject memory controlled by the attacker into an arbitrary location. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile.
The vulnerabilities in Novell GroupWise allow for multiple attacks including remote code-execution, information-disclosure, and cross-site scripting. By exploiting these vulnerabilities, an attacker can steal cookie-based authentication credentials, obtain sensitive information, or execute arbitrary code in the context of the user running the affected application. The harvested information can be used for further attacks, and other attacks are also possible.
The vulnerability exists in the kommentare.php file of Creative Files 1.2. By manipulating the 'dlid' parameter, an attacker can execute arbitrary SQL queries, potentially leading to unauthorized access or data leakage.
The Silo application is vulnerable to an arbitrary code execution vulnerability. This can be exploited by an attacker by tricking a legitimate user into using the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. When the DLL file is loaded, the attacker's code is executed.
The jRSS Widget Plugin for WordPress is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to view local files in the context of the affected application. This may allow the attacker to obtain sensitive information; other attacks are also possible.
The Vodpod Video Gallery Plugin for Wordpress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The SEO Tools plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
The WP Survey And Quiz Tool for Wordpress is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site, potentially leading to the theft of authentication credentials and other attacks.
The AutoArticles 3000 component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Angel Learning Management System is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Services By CQR