The Admin Bot application is vulnerable to an SQL Injection attack due to insufficient sanitization of user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'wgo' parameter of the 'news.php' page. Successful exploitation could result in compromising the application, unauthorized access or modification of data, or exploitation of other latent vulnerabilities in the underlying database implementation.
This exploit allows an attacker to perform a remote blind SQL injection attack on XOOPS Module Camportail version 1.1. By exploiting this vulnerability, an attacker can retrieve sensitive information from the database, such as usernames and passwords.
SmartJobBoard is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The libc library shipped by multiple vendors is prone to a denial-of-service vulnerability due to stack exhaustion. Successful exploits will allow attackers to make applications that use the affected library unresponsive, denying service to legitimate users.
The Bonus theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
This exploit attempts to trigger the ICMP refCount overflow in the TCP/IP stack of Windows 7, Vista, and Windows Server 2008 hosts. It requires sending 2^32 (4,294,967,296) UDP packets to a closed port on the host. The exploit creates 250 threads and floods the host with UDP packets, then attempts to trigger the de-ref using ping. It is estimated that it would take approximately 52 days for the host to enter a condition where this vulnerability is triggerable.
CmyDocument is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Serendipity is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
eFront is prone to multiple cross-site scripting and SQL-injection vulnerabilities due to insufficient sanitization of user-supplied input. These vulnerabilities can be exploited to steal authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.