Attackers can gain access to sensitive information and potentially cause denial-of-service conditions by exploiting these vulnerabilities.
TWiki is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This is a remote exploit for IBM Lotus Domino Server 6.5. It sends a bindshell into memory and triggers an overwrite to gain control. The exploit has been tested on Windows 2003 server SP0.
ECommerce-Shopping Cart Zeuscart v. 4 suffers from multiple XSS, SQL injection and information disclosure vulnerabilities. Reflected XSS vulnerabilities can be found in a common Zeuscart installation in the 'search', 'schltr', and 'brand' parameters of the index.php file. SQL injection vulnerabilities can be found in the administrative backend of Zeuscart v. 4 in the 'id' parameter.
Zyncro social network is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Zyncro is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
This exploit targets the dproxy-nexgen software and allows remote attackers to execute arbitrary code with root privileges. The exploit works by sending a specially crafted packet to the target system, triggering a buffer overflow vulnerability and executing a shellcode payload. The exploit has been tested on the dproxy-nexgen (.tar.gz) version of the software.
Multiple SQL-injection vulnerabilities in OneCMS allow attackers to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The phpRS application is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.