Innovate Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
OSU (Ohio State University) HTTP server is prone to multiple information-disclosure vulnerabilities. This may allow a malicious user to gain access to sensitive data; information gained may aid in further attacks. Path-Disclosure and File- and Directroy-Disclosure are two of the vulnerabilities. Versions 3.11a and 3.10a are vulnerable; other versions may also be affected.
PT News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
EShoppingPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker may be able to exploit this issue to modify the logic of SQL queries. Successful exploits may allow the attacker to compromise the software, retrieve information, or modify data; other consequences are possible as well.
NixieAffiliate is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
IDevSpot BizDirectory is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow an attacker steal cookie-based authentication credentials and launch other attacks.
ECardPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
The httpd daemon of BusyBox is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
The 'artmedic links' application is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to have malicious PHP code execute in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
ZilekPortal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Services By CQR