D-Link DIR-865L is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. D-Link DIR-865L firmware version 1.03 is vulnerable; other versions may also be affected.
Fork CMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This may aid in further attacks.
Matrix42 Service Store is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Sosci Survey is prone to multiple security vulnerabilities, including unauthorized access, cross-site scripting, HTML injection, and PHP code execution. Exploiting these vulnerabilities may allow an attacker to gain unauthorized access to the affected application, allow attacker-supplied HTML and script code to run in the context of the affected browser, allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or inject and execute arbitrary malicious PHP code in the context of the web server process.
Todoo Forum is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Linux kernel is prone to multiple local denial-of-service vulnerabilities. Attackers can exploit these issues to trigger a kernel crash, which may result in a denial-of-service condition. The example exploit given is the command 'echo 1234 | sudo tee -a set_ftrace_pid', run in the '/sys/kernel/debug/tracing' directory.
An attacker can exploit these issues to bypass certain security restrictions, steal cookie-based authentication credentials, gain access to system and other configuration files, or perform unauthorized actions in the context of a user session.
Aibolit is prone to an information-disclosure vulnerability, which allows attackers to obtain sensitive information that may aid in launching further attacks. This vulnerability is triggered when an attacker accesses the AI-BOLIT-REPORT-<date>-<time>.html file.
Hero is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
jPlayer is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.