WordPress custom tables plugin is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
SocialFit plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Classified Ads Script PHP is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
plow is prone to a buffer-overflow vulnerability. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
VTE is prone to a vulnerability that may allow attackers to cause an affected application to consume excessive amounts of memory and CPU time, resulting in a denial-of-service condition. An attacker can exploit this issue by sending a specially crafted sequence of characters to the affected application.
php MBB is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Examples of vulnerable URLs include http://www.example.com/mbbcms/?ref=search&q=' + [SQL Injection] and http://www.example.com/mbbcms/?mod=article&act=search&q=' + [SQL Injection] for SQL injection, and http://www.example.com/mbbcms/?ref=search&q= [XSS] and http://www.example.com/mbbcms/?mod=article&act=search&q= [XSS] for cross-site scripting.
Items Manager Plugin for GetSimple CMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Zoom Player is prone to a remote denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, resulting in denial-of-service conditions. Zoom Player 4.51 is vulnerable; other versions may also be affected.
SWFUpload is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
LIOOSYS CMS is prone to an SQL-injection vulnerability and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following example URIs are available: http://www.example.com/index.php?id and http://www.example.com/_files_/db.log
Services By CQR