Tornado Knowledge Retrieval System is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Real Estate Website is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Diigo Toolbar and Diigolet are prone to an HTML-injection vulnerability and an information-disclosure vulnerability when handling data via the 'comment' feature. An attacker can exploit the HTML-injection issue to run arbitrary HTML and script code in the plugin of an unsuspecting user in the context of the domain on which a shared comment was made. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The attacker can exploit the information-disclosure issue via successful man-in-the-middle attacks. Information harvested may aid in further attacks.
Novell GroupWise Messenger is prone to two buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
SchoolCenter is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Exploiting this issue will allow an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.
F5 FirePass SSL VPN is prone to multiple cross-site request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input. Exploiting these issues may allow a remote attacker to execute arbitrary actions in the context of the affected application.
Linksys WRH54G Wireless-G Router is prone to a denial-of-service vulnerability because it fails to adequately handle malformed HTTP requests. As a result, memory becomes corrupted and the device's HTTP service will crash. Successful exploits will deny service to legitimate users. Given the nature of this issue, remote code execution may be possible, but this has not been confirmed.
SamTodo is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
PHP Address Book is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.