Clever Copy is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
PNG Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. The attacker would need to entice the unsuspecting user to follow a malicious link containing script code embedded in the affected parameter. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Advanced Guestbook is prone to an HTML injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
NETonE PHPBook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input to the 'admin' parameter of the 'guestbook.php' script. A successful exploit could allow an attacker to steal cookie-based authentication credentials and launch other attacks.
CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
WebInspect is vulnerable to a cross-application script injection vulnerability due to a failure of the application to properly sanitize user-supplied data prior to including it in content rendered in an Internet Explorer COM object. This vulnerability allows attackers to execute arbitrary script code in the context of the vulnerable application. By exploiting the knowledge of predictable files on the targeted system, attackers may also cause arbitrary script code to be executed in the 'Local Machine' zone, facilitating remote machine code installation and execution.
VBZooM Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Netquery is affected by multiple remote vulnerabilities, which can allow remote attackers to execute arbitrary commands, disclose sensitive information, and carry out cross-site scripting attacks.
Internet Graphics Server is affected by a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../'. Exploitation of this vulnerability could lead to a loss of confidentiality.
Atomic Photo Album is susceptible to a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
Services By CQR