12 matches found
Remote code execution
A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition...
Opial AV Download Management 1.0 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20174/info Opial Audio/Visual Download Management is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to have arbitrary...
Moodle 1.5/1.6 mod/forum/discuss.php navtail Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21596/info Moodle is reported prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an HTML injection issue, because the application fails to properly sanitize user-supplied input...
DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution
source: https://www.securityfocus.com/bid/66487/info DotItYourself is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary commands in the context of the affected...
NetArt Media Jobs Portal - SQL Injection
source: https://www.securityfocus.com/bid/54026/info NetArt Media Jobs Portal is prone to multiple HTML-injection vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to compromise the...
Afian - 'includer.php' Directory Traversal
source: https://www.securityfocus.com/bid/33943/info Afian is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks...
Sentinel Protection Server 7.xKeys Server 1.0.x - Backslash Directory Traversal
source: https://www.securityfocus.com/bid/27735/info Sentinel Protection Server and Keys Server are prone to a directory-traversal vulnerability because the software fails to sufficiently sanitize user-supplied input...
BitDefender Products - Update Server HTTP Daemon Directory Traversal
source: https://www.securityfocus.com/bid/27358/info BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access potentially sensitive information that could aid in...
AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code...
Photostore - 'details.php?gid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...
BandSite CMS 1.1 - sendemail.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access...
Miraserver 1.0 RC4 - 'index.php?page' SQL Injection
source: https://www.securityfocus.com/bid/15960/info Miraserver is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise o...