FileContral is prone to a local file-include and a local file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to view and execute local files within the context of the webserver process, obtaining potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
Interspire Email Marketer is prone to the following input-validation vulnerabilities because it fails to properly sanitize user-supplied input: An SQL injection vulnerabilities, Multiple HTML injection vulnerabilities, and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Open Realty is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the web server process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
The Shopp plugin for WordPress is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attackers can exploit these issues to disclose sensitive information, steal cookie information, execute arbitrary client side script code in the context of browser, upload and execute arbitrary files in the context of the web server, and launch other attacks.
PowerTCP WebServer for ActiveX is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application (typically Internet Explorer), denying service to legitimate users. PowerTCP WebServer for ActiveX 1.9.2 is vulnerable; other versions may also be affected.
Omnistar Mailer is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, and steal cookie-based authentication credentials; other attacks are also possible.
Zenphoto is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The Akismet plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
AlamFifa CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
IBM Lotus Notes Traveler is prone to a URI-redirection vulnerability, multiple HTML-injection vulnerabilities and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user and conduct phishing attacks. Other attacks are also possible.
Services By CQR