The vulnerability allows an attacker to execute arbitrary commands within the context of the affected KVIrc application by exploiting insufficient input sanitization.
The Jira application fails to sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities and an information disclosure vulnerability. Attackers can exploit these vulnerabilities to obtain sensitive information, steal cookie-based authentication information, and execute arbitrary client-side scripts in the context of the browser.
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
The vulnerability exists in the mysave.php file of Magic CMS v4.2.747. It allows an attacker to include a remote file by manipulating the 'file' parameter in the URL. This vulnerability can only be exploited when the 'register_globals' setting is turned on. The vulnerability was discovered by DNX and reported on 03.03.2007. The PoC URL to exploit this vulnerability is 'http://[site]/[path]/mysave.php?file=[shell]'. The vendor, www.geo-soft.net/de-ch/, has not provided a patch or update for this vulnerability.
SyndeoCMS is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication information, upload arbitrary files to the affected computer, and execute arbitrary script code in the context of the browser.
sSMTP is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Joomla! FreiChat component is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
MC Content Manager is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The vulnerability exists in SAP Netweaver due to improper input sanitization. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of authentication credentials and other malicious activities.