The vBulletin software is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
The Domain Shop website is vulnerable to a cross-site scripting (XSS) attack due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious activities.
Attackers can exploit this issue to cause the affected mail client to crash, effectively denying service.
Plici is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This exploit targets the IMAIL IMAPd 'LOGIN' buffer overflow vulnerability. It overwrites EIP and then executes the shellcode. It has been tested on all versions of Imail from 7.13 to 8.20; versions below 7.13 are also vulnerable. It works on Windows 2000 SP4 and Windows XP SP0-SP2.
SjXjV is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
This exploit allows an attacker to perform a blind SQL injection attack on the XOOPS Module Kshop version 1.17 or below. By injecting a specially crafted payload into the 'id' parameter of the 'product_details.php' script, the attacker can extract sensitive information from the database, such as usernames and passwords.
eFront is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploiting this issue will allow an attacker to read arbitrary files from locations outside of the application's current directory. This could help the attacker launch further attacks.