
Explore Vulnerabilities

Explore all Exploits:

Fusebox Cross-Site Scripting Vulnerability

Fusebox is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Naxtor Shopping Cart SQL Injection Vulnerability

Naxtor Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Naxtor Shopping Cart Cross-Site Scripting Vulnerability

Naxtor Shopping Cart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

OpenBook SQL Injection Vulnerability

OpenBook is prone to an SQL injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by supplying malicious input in the form of an SQL query. This can result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

PHPFreeNews SQL Injection Vulnerability

PHPFreeNews is prone to an SQL injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. An example of this vulnerability is demonstrated by providing a login with the username "Admin" and a password of "') or isnull(1/0) or ('a'='a". Successful exploitation of this vulnerability could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

CFBB Cross-Site Scripting Vulnerability

CFBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

MySQL Eventum Cross-Site Scripting Vulnerabilities

MySQL Eventum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Ragnarok Online Control Panel (ROCP) Authentication Bypass Vulnerability

Ragnarok Online Control Panel (ROCP) is prone to a vulnerability that may let remote attackers bypass user authentication. This issue is related to how PHP variables are handled, letting an attacker influence a variable that is used to check user authentication. Exploitation could yield administrative access to the ROCP site.

PluggedOut CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Examples of vulnerable URLs include: http://www.example.com/admin.php?action=content_edit&contentid=[XSS-Code], http://www.example.com/admin.php?action=report_statistics&report=visitors&&s=[XSS-Code], http://www.example.com/admin.php?action=report_statistics&report=visitors&&s=[SQL-Injection].

Kayako LiveResponse Multiple Cross-Site Scripting, SQL Injection, and HTML Injection Vulnerabilities

Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation errors. The cross-site scripting and HTML injection vulnerabilities may allow for theft of cookie-based authentication credentials or other attacks. The SQL injection vulnerabilities may permit a remote attacker to compromise the software or launch other attacks against the database.

Recent Exploits: