Purity theme for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The "ContactName" ,"email" ,"subject" ,"comments", variables are not properly sanitized before being used. Exploit: POST /contact/ HTTP/1.0 Content-Length: 82 Accept: */* Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: exploit-masters.com Content-Type: application/x-www-form-urlencoded Referer: http://www.example.com/wordpress/contact/ contactName=>"'><script>alert("Hacked_by_MADSEC")</script>&email=&subject=&comments=&submitted=
WordPress is prone to multiple path-disclosure vulnerabilities. Remote attackers can exploit these issues to obtain sensitive information that may lead to further attacks.
AxisInternet VoIP Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
TAGWORX.CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
minimal Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
CoSoSys Endpoint Protector is prone to an insecure password generation vulnerability. Successfully exploiting this issue may allow an attacker to guess generated passwords and gain access to affected appliances. CoSoSys Endpoint Protector 4 is vulnerable; other versions may also be affected.
IFOBS is prone to multiple HTML-injection vulnerabilities. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible. The exploit code provided in the source can be used to inject malicious scripts into the vulnerable parameters of the application.
Attackers may exploit these issues to execute arbitrary code in the context of the browser, obtain potentially sensitive information, bypass the same-origin policy, and steal cookie-based authentication credentials; other attacks are also possible.
Atlassian Confluence is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
FBDj is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR