Splunk is prone to multiple cross-site scripting vulnerabilities and a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Friends in War The FAQ Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Omni-Secure is prone to multiple file-disclosure vulnerabilities. An attacker can exploit these issues to view local files in the context of the web server process. This may aid in further attacks.
The Tagged Albums plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Dailyedition-mouss theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Media Player Classic WebServer is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability. An attacker may leverage these issues to cause a denial-of-service condition or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Successfully exploiting the cross-site scripting issue may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Multiple Huawei products are prone to a weak password encryption weakness. Successful exploits may allow an attacker to decrypt stored passwords; this may aid in further attacks. The vulnerable products are Huawei Quidway series, Huawei CX600 V600R001, Huawei CX600 V600R003C00SPC900, Huawei ME60 V600R002C07 and prior versions, AR 19/29/49 R2207 and prior versions.
The Eco-annu plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The PHP Event Calendar plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Kakao theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR