DVBBS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Gravity Board X (GBX) is prone to an SQL injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by providing malicious input in the login field, such as ' or isnull(1/0) /*, and any password. This can result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
e107 Website System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Invision Power Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
SysCP is affected by multiple script execution vulnerabilities. The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute it in the context of an affected server. Another script code execution vulnerability may allow an attacker to call arbitrary functions and scripts by bypassing a PHP eval() statement. The following string is sufficient to bypass the eval() call: {${phpinfo();}}
EMC Navisphere Manager is affected by directory traversal and information disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../'. An attacker can also obtain the contents of arbitrary directories by appending a '.' to the end of a request. Exploitation of these vulnerabilities could lead to a loss of confidentiality and information disclosure.
Lantronix Secure Console Server SCS820/SCS1620 devices are susceptible to multiple local vulnerabilities. The first issue is an insecure default permission vulnerability. Attackers may exploit this vulnerability to write data to arbitrary files with superuser privileges. Other attacks are also possible. The second issue is a directory traversal vulnerability in the command-line interface. Attackers may exploit this vulnerability to gain inappropriate access to the underlying operating system. The third issue is a privilege escalation vulnerability in the command-line interface. Local users with 'sysadmin' access to the device can escape the command-line interface to gain superuser privileges in the underlying operating system. The last issue is a buffer overflow vulnerability in the 'edituser' binary. Attackers may exploit this vulnerability to execute arbitrary machine code with superuser privileges.
FlatNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to inject HTML and script code into the Web browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials. Other attacks are also possible.
FlatNuke is prone to multiple cross-site scripting vulnerabilities due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to inject HTML and script code into the Web browser of an unsuspecting victim, potentially stealing cookie-based authentication credentials.
Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.