Network Publisher plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Dynamic Widgets plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The GRAND Flash Album Gallery plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Universal Reader is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Universal Reader 1.16.740.0 is vulnerable; other versions may also be affected. The exploit code creates a file with 129 'a's in the filename, which causes the application to crash.
WP-FaceThumb is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Chevereto Image Upload Script is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. An attacker may leverage the information-disclosure issue to enumerate the existence of local files. Information obtained may aid in further attacks.
OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Linksys WRT54GL router is prone to a cross-site request-forgery vulnerability. Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.
PHP Enter is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
JibberBook is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization. Attackers can exploit this issue to bypass authentication to gain administrative privileges; this may aid in launching further attacks.
Services By CQR