OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
TBmnetCMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
IBM Rational RequisitePro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Snitz Forums 2000 is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Zainu is prone to a cross-site scripting vulnerability in the Contact module because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
bloofoxCMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input passed through the 'search' parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Eclipse BIRT (Business Intelligence and Reporting Tools) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Pentaho BI is prone to multiple cross-site scripting and information-disclosure vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The attacker may also exploit these issues to obtain sensitive session information.
Adobe Reader and Acrobat are prone to a remote code-execution vulnerability because they fail to properly handle certain COM objects. An attacker can exploit this issue by supplying a malicious PDF file or webpage. Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application. Failed attempts will likely result in denial-of-service conditions.
Dream Poll is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR