IceWarp Merak Mail Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.
IceWarp Merak Mail Server is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users. Exploiting this issue can allow the attacker to gain unauthorized access to the affected application and to completely compromise victims' accounts.
An attacker may leverage the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, and launch other attacks.
GnuTLS is prone to multiple remote vulnerabilities, including a remote code-execution vulnerability, a denial-of-service vulnerability, a signature-generation vulnerability, and a signature-verification vulnerability. An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.
Coppermine Photo Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
LevelOne AMG-2000 is prone to a security-bypass vulnerability. Attackers may exploit this issue to gain access to the administrative interface and internal computers from an outside network. This may aid in further attacks. Note that valid authentication credentials must still be provided to authenticate to the device's administrative interface. Attackers may use default accounts such as 'operator' or 'manager' if the default passwords have not been changed.
Mozilla Firefox is prone to a remote memory-corruption vulnerability. Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected browser or crash the browser, denying service to legitimate users.
Invision Power Board is prone to an information-disclosure issue and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to determine path information or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; this may aid in other attacks.
MataChat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.