Barracuda SSL VPN 680 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
AVA VoIP is prone to multiple security vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, upload and execute arbitrary files in the context of the web server, and launch other attacks.
Google Chrome is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Linked Library (DLL) file. The code snippet provided in the text is an example of a DLL hijacking exploit.
EmbryoCore CMS is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Exploiting these issues may allow an attacker to obtain sensitive information that could aid in further attacks.
Rama Zeiten CMS is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the web server process, which may aid in further attacks.
The Post Recommendations plug-in for WordPress is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Simple Machines is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Event Calender PHP is prone to multiple input validation vulnerabilities. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Event Calender PHP 1.2 is vulnerable; other versions may also be affected.
Elite Bulletin Board is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This module exploits an arbitrary PHP File Upload and Code Execution flaw in some WordPress blog software plugins. The vulnerability allows for arbitrary file upload and remote code execution POST Data to Vulnerable Script/File in the plugin.
Services By CQR