Apache Shindig is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
The Daily Deal theme is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
Devices from multiple vendors are prone to a stack-based buffer-overflow vulnerability. Exploiting this vulnerability may allow attackers to execute arbitrary code in the context of the affected devices. The following are vulnerable: D-Link DIR-120, D-Link DI-624S, D-Link DI-524UP, D-Link DI-604S, D-Link DI-604UP, D-Link DI-604, D-Link DIR-100, D-Link TM-G5240, PLANEX COMMUNICATIONS BRL-04UR, PLANEX COMMUNICATIONS BRL-04R, PLANEX COMMUNICATIONS BRL-04CW.
PHP Point Of Sale is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploits may result in denial-of-service conditions.
The WP-Realty plugin for WordPress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible.
Bugzilla is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Multiple Level One Enterprise Access Point devices are prone to a security bypass vulnerability. Successfully exploiting this issue may allow an attacker to gain access to sensitive configuration information including credentials. This may aid in further attacks.
Oracle JavaServer Faces is prone to multiple directory-traversal vulnerabilities. Exploiting these issues may allow an attacker to obtain sensitive information that could aid in further attacks. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences such as '../' to the vulnerable application. Examples of vulnerable URLs include http://www.example.com/someApp/javax.faces.resource.../WEB-INF/web.xml.jsf and http://www.example.com/someApp/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..
FreeSMS is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary code in the context of the browser, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; other attacks are also possible.