Wordpress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
A denial of service vulnerability exists in Windows Media Player when processing a specially crafted MIDI file. An attacker can exploit this vulnerability by sending a specially crafted MIDI file to the target user. The file size must be 14 bytes and the hex code must be 4D 54 68 64 00 00 00 06 00 00 00 00 00 00. When the target user opens the file, Windows Media Player will crash.
Multiple remote file-include vulnerabilities affect Luckybot because the application fails to properly sanitize user-supplied input before using it in a PHP 'include()' function call. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process.
An attacker can exploit a vulnerability in Sambar FTP Server 6.4 by sending a specially crafted SIZE command with a long string of '.' characters, resulting in a denial of service condition.
vBulletin is prone to a vulnerability that may let remote attackers inject arbitrary script code into the application. If exploited, this vulnerability may let attackers steal cookie-based authentication credentials. Other attacks are also possible. The ability to upload SWF files must be enabled by site administrators to expose this issue.
TimberWolf is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Chatwm is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these issues to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these issues to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Services By CQR