eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VoIP headers. Successful exploitation will cause the device to crash. For the negative 'Expires' field issue, an attacker can send an OPTIONS request with an Expires field set to a negative value. For the 'Content-Length' field issue, an attacker can send an INVITE request with a Content-Length field set to a large value.
Gastebuch is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
PHPNuke is prone to a cross-site scripting vulnerability. This issue affects the 'header.php' script. An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI. The malicious URI contains malicious HTML and script code that will be executed in the user's browser in the security context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Clever Copy is prone to multiple HTML-injection vulnerabilities due to the application failing to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
XMB Forum is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Successful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
VHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be exploited to gain administrative access to the application; other attacks are also possible. An attacker can exploit the HTML-injection issue by submitting malicious HTML code to the vulnerable application. This code will be executed in the context of the vulnerable application.
Fortinet FortiGate devices running FortiOS v2.8MR10 and v3beta are prone to a URL-filtering bypass vulnerability. An attacker can bypass the device's URL filtering by sending specially crafted HTTP requests.
VHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be exploited to gain administrative access to the application; other attacks are also possible.
DB_eSession is prone to an SQL-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Siteframe Beaumont is prone to a cross-site scripting vulnerability. This issue affects the 'search.php' script. An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI. The malicious URI contains a specially crafted string that, when viewed, will execute arbitrary HTML and script code in the user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.