Zwiki is susceptible to a cross-site scripting vulnerability. This issue allows a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link is followed, the hostile code may be rendered in the web browser of the victim user.
A remote user can disclose directory listings by crafting a URI request containing directory traversal sequences. This allows the attacker to view the contents of a specified server directory located outside of the web root.
The Jabber Server is affected by multiple remote buffer overflow vulnerabilities. These vulnerabilities occur due to a lack of proper validation of user-supplied strings before copying them into finite process buffers. An attacker can exploit these vulnerabilities to execute arbitrary code on a computer with the privileges of the server process, potentially leading to unauthorized access or privilege escalation.
The vulnerabilities in SugarCRM arise from insufficient sanitization of user-supplied input. These vulnerabilities can be exploited by a remote attacker to carry out various attacks such as cross-site scripting, HTML injection, SQL injection, and directory traversal.
The vulnerabilities in SugarCRM are caused by insufficient sanitization of user-supplied input. An attacker can exploit these issues to perform various attacks including cross-site scripting, HTML injection, SQL injection, and directory traversal attacks.
The 'submit URI link' function in NuKed-Klan is prone to an HTML injection vulnerability. This is due to a lack of input validation on the 'website name' input field of the form. Attackers can exploit this vulnerability to manipulate web content or steal cookie-based authentication credentials. They can also perform arbitrary actions as the victim user.
A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet.
The cross-site scripting issue is present in a parameter of the 'popup.php' script. An attacker can exploit this issue by creating a malicious link containing HTML and script code and sending this link to a vulnerable user. This can allow for theft of cookie-based authentication credentials and other attacks. An SQL injection issue exists in the application as well. This issue affects a parameter of the 'print.php' script. Due to this, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries.
The Halo game client is prone to a remote denial of service vulnerability. When using the in-game browser to view a server list, a malicious reply from a server can crash the affected client.
The ZyXEL Prestige router series is prone to an access validation vulnerability. The vulnerability allows remote attackers to reset the router's configuration by accessing a specific configuration page of the ZyXEL Prestige HTTP-based remote administration service.