Explore Vulnerabilities

Explore all Exploits:

PHPValley Micro Jobs Site Script Spoofing Vulnerability

PHPValley Micro Jobs Site Script is prone to a vulnerability that allows attackers to spoof another user; other attacks are also possible. An attacker can craft a malicious form to change the password of a target user to a predefined value.

Elecard MPEG Player 5.8 Local PoC

Elecard MPEG Player is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Belkin F5D8236-4 Router CSRF Vulnerability

Belkin F5D8236-4 Router is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device. An attacker can use JavaScript debugging to bypass authentication and submit a form with malicious values to enable remote management on port 31337.

WP Super Cache Plugin Remote PHP Code Execution Vulnerability

The WP Super Cache plugin for WordPress is prone to a remote PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. WP Super Cache 1.2 is vulnerable; other versions may also be affected.

Cisco WRT310Nv2 Firmware v2.0.01 CSRF/XSS

The TP-Link TL-WR1043N Router is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device. An attacker can craft a malicious HTML page containing a form with hidden inputs that will automatically submit the form to the vulnerable router. The form contains parameters that will enable remote management, remote upgrade, and UPnP.

SMF HTML-injection and PHP Code-Injection Vulnerabilities

SMF is prone to an HTML-injection and multiple PHP code-injection vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the affected application and inject hostile HTML and script code into vulnerable sections of the application.

Colormix Theme for WordPress Multiple Vulnerabilities

The Colormix theme for WordPress is prone to multiple security vulnerabilities, including cross-site scripting, path-disclosure, and multiple content-spoofing vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Crafty Syntax Live Help Remote File-Include and Path-Disclosure Vulnerabilities

Crafty Syntax Live Help is prone to a remote file-include vulnerability and a path-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to obtain sensitive information and compromise the application and the underlying system; other attacks are also possible.

File-include: http://www.example.com/path/admin.php?page=[RFI]

Path-disclosure: http://www.example.com/livehelp/xmlhttp.php

Recent Exploits: