HAMweather is prone to a script-code-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Motorola SB4200 is prone to a remote denial-of-service vulnerability. This may permit an attacker to crash affected devices, denying further network services to legitimate users. An attacker can exploit this issue by sending a POST request with a large value for the 'Secret' parameter.
digiSHOP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Easy Banner is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. An attacker can exploit this issue by sending a maliciously crafted HTTP request to the vulnerable application. The following example URL is available: http://www.example.com/[ path ]/functions.php?s[phppath]=[shellcode]
DeluxeBB is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
MailEnable is prone to multiple remote vulnerabilities. These issues arise in the SMTP server during NTLM authentication and may facilitate arbitrary code execution or denial-of-service conditions. MailEnable Professional 2.0 and MailEnable Enterprise 2.0 are reported vulnerable to these issues.
Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
OlateDownload is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to inject hostile HTML and script code into vulnerable sections of the application, steal cookie-based authentication credentials from legitimate users of the site, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
phpBB XS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Geotarget is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Services By CQR