FarsiNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Instant Photo Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
phpWebFTP is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input using the HTTP 'POST' method when submitting a malicious URI. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
NextAge Shopping Cart is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Photokorn is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Photokorn is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Lotus Domino LDAP server is prone to a remote denial-of-service vulnerability when handling malformed requests. Lotus Domino 7.0 is vulnerable; earlier versions may also be affected. This issue is reported to be caused by a heap-based buffer-overflow vulnerability. A proof of concept is available. Lotus Domino 8.5 Fixpack 1 is also vulnerable.
Scry Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Blender is susceptible to a Python code-execution vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in a Python 'eval' statement. This issue allows attackers to execute arbitrary Python code in the context of the user running the affected application.
Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content. An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user, but this has not been confirmed. Exploit attempts likely result in crashing the affected application. Attackers could exploit this issue through HTML email/newsgroup postings or through other applications that employ the affected component.
Services By CQR