IDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process. The attacker may be able to use the application's built-in text editor to alter a local file and exploit this issue to execute arbitrary code. This may facilitate a compromise of the vulnerable computer.
vCAP Calendar Server is prone to a remote denial-of-service vulnerability due to a design error. An attacker can exploit this issue to crash the application, effectively denying service.
PHProg is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and local file-include attacks. An example of a local file-include attack is demonstrated in the URL provided in the text.
XHP CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks. An example of the exploit is http://www.example.com/index.php?errcode=<script>alert(document.cookie);</script>
PHProg is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include a cross-site scripting vulnerability and a local file-include vulnerability. A successful exploit may allow unauthorized users to view files and to execute local scripts, execute arbitrary scripts within the context of the web browser, and steal cookie-based authentication credentials. Other attacks are also possible.
TextAds is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The application is prone to an input-validation vulnerability that allows malicious HTML and script code to be injected before it is used in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Microsoft Indexing Service is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input before it is rendered to other users. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user, in the context of the victim's session. This could allow the attacker to perform actions on behalf of the victim, such as spoofing content or hijacking their session.
Viking board is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. This may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.