The Wysija Newsletters Plugin for WordPress is prone to multiple SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Wysija Newsletters 2.2 is vulnerable; other versions may also be affected.
The CommentLuv plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
ezStats for Battlefield 3 is prone to multiple cross-site scripting vulnerabilities and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the web server process.
ezStats2 is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the web server process. This may aid in further attacks.
EasyITSP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to access arbitrary files in the context of the application. This may aid in further attacks.
The flashnews Theme for WordPress is prone to multiple input-validation vulnerabilities. An attacker may leverage these issues to cause denial-of-service conditions, disclose sensitive information, upload arbitrary files to the affected computer, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The WP-Table Reloaded plugin for WordPress is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
A remote attacker can leverage this issue to execute arbitrary code within the context of the application. Successful exploits will compromise the application, and possibly, the underlying computer.
MiniUPnP is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions.
Multiple Hunt CCTV devices are prone to a remote information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks. An attacker can use the curl command to send a request to the vulnerable device and extract the credentials from the response.
Services By CQR