Explore Vulnerabilities

Explore all Exploits:

WordPress DZS-VideoGallery plugin Multiple Vulnerabilities

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to execute arbitrary OS commands. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

WeBid Multiple Cross-Site Scripting and LDAP Injection Vulnerabilities

WeBid is prone to multiple cross-site-scripting vulnerabilities and an LDAP injection vulnerability. An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

BSK PDF Manager plugin for WordPress SQL-injection Vulnerabilities

BSK PDF Manager plugin for WordPress is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

xClassified SQL-injection Vulnerability

xClassified is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AtomCMS SQL-injection and Arbitrary File-Upload Vulnerability

AtomCMS is prone to an SQL-injection vulnerability and an arbitrary file-upload vulnerability. Exploiting these issues could allow an attacker to upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

NextGEN Gallery Plugin Arbitrary File Upload Vulnerability

The NextGEN Gallery plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

ZeusCart SQL Injection Vulnerability

ZeusCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Foreman Remote Command-Injection Vulnerability

Foreman is prone to a remote command-injection vulnerability. Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. An example exploit is provided using curl to send a malicious request to the vulnerable server.

Recent Exploits: