An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and execute arbitrary local files within the context of the webserver.
The vulnerability is due to a double free condition in MapServer. Attackers can exploit this issue to crash the application, denying service to legitimate users. It is possible that code execution may also be possible, but this has not been confirmed.
IBM Open Admin Tool is prone to multiple cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
ClickCMS is prone to a denial-of-service vulnerability and a CAPTCHA-bypass vulnerability. Attackers can leverage these issues to cause the affected server to stop responding or to bypass certain security mechanisms.
This exploit targets a vulnerability in the Snort DCE/RPC preprocessor, as described in CVE-2006-5276. It binds a shell to TCP port 4444 and connects to it. The exploit code was tested against snort-2.6.1 running on Red Hat Linux 8.
Mambo CMS is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue by tricking an unsuspecting user into visiting a malicious Web page. The page will consist of specially crafted script code designed to perform some action on the attacker's behalf. Successful exploits will allow attackers to run privileged commands on the affected device.
The Simple Machines Forum is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Zazavi is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and run it in the context of the webserver process.
The VicBlog application is prone to an SQL-injection vulnerability due to improper input sanitization. An attacker can exploit this vulnerability by supplying malicious input in the 'tag' parameter of the URL. Successful exploitation can lead to application compromise, unauthorized access or modification of data, and exploitation of other vulnerabilities in the underlying database.
Hotel Portal is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.