Explore all Exploits:

CSS Style Tag Injection

CSS Style Tag Injection is a type of vulnerability that allows an attacker to inject malicious code into a website using the CSS style tag. This can lead to various security issues, including cross-site scripting (XSS) attacks and remote code execution. The exploit takes advantage of the fact that the CSS style tag can contain executable code, which is executed by the browser when rendering the web page. This vulnerability can be used to bypass input validation and execute arbitrary code on the target system.

Cross-Site Scripting Vulnerability in Pligg CMS

Pligg CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Pligg CMS SQL Injection Vulnerability

Pligg CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

PHPB2B Cross-Site Scripting Vulnerability

PHPB2B is vulnerable to a cross-site scripting (XSS) attack due to inadequate sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a targeted user, within the context of the affected PHPB2B site. This can lead to the theft of authentication credentials stored in cookies and enable the attacker to launch further attacks.

Cross-Site Scripting vulnerability in TheCartPress WordPress Plugin

The TheCartPress WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Buffer Overflow Vulnerability in Bsplayer

Bsplayer suffers from a buffer overflow vulnerability in its processing of the HTTP response received when opening a URL. To exploit this bug, the SEH record is partially overwritten to land at a pop pop ret sequence instead of the full address, and a backward jump is then used to reach a long jump that eventually lands in the shellcode.

Kaspersky IS&AV 2011/12 – Memory Corruption Vulnerability

A local attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed.

Barracuda Control Center 620 HTML Injection and Cross-Site Scripting Vulnerabilities

The Barracuda Control Center 620 is vulnerable to HTML injection and multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to inject malicious HTML and script code, which will run in the context of the affected browser. This can lead to the theft of authentication credentials and control over the site's rendering to the user. Other attacks are also possible.
