GNU glibc is prone to a stack-corruption vulnerability. An attacker can exploit this issue to execute arbitrary machine code in the context of the application that uses the affected library. Failed exploit attempts will likely crash the application.
A local file inclusion vulnerability exists in WordPress WP Custom Pages 0.5.0.1. An attacker can exploit this vulnerability to include a local file on the server. This can be exploited by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can result in the disclosure of sensitive information such as system and software configuration details, usernames and passwords, and potentially the execution of arbitrary code.
Web interface from FPS-1101 Print Server is affected by stored cross-site scripting vulnerability because it fails to properly sanitize user-supplied input at 'NDSContext' field in 'NetWare NDS Settings' area. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. After injecting the XSS code, you need to access Netware status page.
Web interface from PS110, PS101-A and PS112 Print Servers are affected by stored cross-site scripting vulnerability because of the lack of input validation.
Web interface from PA101, PU201, PA301 and PS531 Print Servers are affected by stored cross-site scripting vulnerability because it fails to properly sanitize user-supplied input at 'NDSContext' field in 'NetWare NDS Settings' area. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Web interface from Mini-300PU and Mini100s Print Servers are affected by stored cross-site scripting vulnerability because it fails to properly sanitize user-supplied input at 'NDSContext' field in 'NetWare NDS Settings' area. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. After injecting the XSS code, you need to access Netware status page.
Web interface from TL-PS110U and TL-PS110P Print Servers are affected by stored cross-site scripting vulnerability because it fails to properly sanitize user-supplied input at 'NDSContext' field in 'NetWare NDS Settings' area. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Web interface from ENPS-2012 Print Server is affected by stored cross-site scripting vulnerability because it fails to properly sanitize user-supplied input at 'NDSContext' field in 'NetWare NDS Settings' area. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
yaws-wiki version 1.88-1 is vulnerable to both reflective and stored XSS. The vulnerability exists in the editTag.yaws, showOldPage.yaws, allRefsToMe.yaws and editPage.yaws pages. An attacker can inject malicious JavaScript code in the 'node' parameter of the editTag.yaws, showOldPage.yaws and allRefsToMe.yaws pages and in the 'text' parameter of the editPage.yaws page.
DoceboLMS suffers from multiple stored XSS vulnerabilities pre and post auth. Input thru the POST parameters 'name', 'code' and 'title' in index.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site. URI based XSS vulnerabilities are also present.
Services By CQR