eXPert PDF is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
GetSimple is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
Dalbum is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Spitfire is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
YaCOMAS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Alkacon OpenCms is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
OrangeHRM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Cetera eCommerce is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Cross-site scripting examples include: http://www.example.com/catalog/%3Cscript%3Ealert(document.cookie)%3C/script%3E/, http://www.example.com/vendors/%3Cscript%3Ealert(document.cookie)%3C/script%3E/, http://www.example.com/catalog/cart/%3Cscript%3Ealert(document.cookie)%3C/script%3E/, http://www.example.com/news/%3Cscript%3Ealert(document.cookie)%3C/script%3E/, http://www.example.com/news/13012011111030/%3Cscript%3Ealert(document.cookie)%3C/script%3E/, http://www.example.com/%3Cscript%3Ealert(document.cookie)%3C/script%3E/. SQL-injection examples include: http://www.example.com/catalog/(version()=5.1)/, http://www.example.com/catalog/cart/.+benchmark(100000,md5(now()))+./
Sodahead Polls is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
nostromo nhttpd is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied data. An attacker can exploit this issue to access arbitrary files and execute arbitrary commands with application-level privileges.