X-Poll is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
X-Protection is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Liga Manager Online Joomla! Component is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and gain access to the underlying system.
Yahoo! Messenger is prone to a browser-navigation vulnerability that may permit a remote attacker to open a browser window on the victim user's computer to an arbitrary page. This issue occurs because the application fails to sanitize malicious messages. An attacker may be able to exploit this issue to launch a web browser and load an arbitrary web page. This may lead to other attacks.
JD-WordPress for Joomla is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
PHPNuke INP is prone to a cross-site scripting vulnerability that affects the 'modules.php' script. An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI. The specific version affected is currently unknown. An example URI is http://www.example.com/[path]/modules.php?name=Downloads&op=search&query=><script>alert('ARIA')</script><
Oracle 10g is reportedly prone to an integer-overflow vulnerability because the application fails to allocate a large enough data type to accommodate user-supplied input before using it in a query. An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions.
GeoClassifieds Enterprise is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
MyBulletinBoard is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.