The e-commerce application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can inject arbitrary script code that will be executed in the browser of an unsuspecting user, allowing for the theft of authentication credentials and other attacks.
Limbo CMS is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out cross-site scripting, SQL injection, and local file include attacks.
The input validation vulnerabilities in Limbo CMS can allow attackers to carry out cross-site scripting, SQL injection, and local file include attacks. An example of a cross-site scripting attack is demonstrated through the URL: http://www.example.com/[path]/?_SERVER[]=&_SERVER[REMOTE_ADDR]=<script>alert(document.cookie)</script>
The Scientific Atlanta DPX2100 cable modems are prone to a denial of service vulnerability. Remote attackers can crash the affected devices or temporarily block further network routing functionality by sending TCP 'LanD' packets. This results in denial of network services to legitimate users.
The Westell Versalink 327W router is vulnerable to a denial of service attack when handling TCP 'LanD' packets. Remote attackers can exploit this vulnerability to crash the affected devices or temporarily block network routing functionality, resulting in a denial of service for legitimate users. An Hping2 command is provided as an example to exploit this vulnerability.
Multiple unspecified Cisco Catalyst switches are prone to a denial of service vulnerability. These devices are susceptible to a remote denial of service vulnerability when handling TCP 'LanD' packets. This issue allows remote attackers to crash affected devices, or to temporarily block further network routing functionality. This will deny further network services to legitimate users.
QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, and theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation and to carry out other attacks.
Netref is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Multiple Linksys devices are susceptible to a remote denial of service vulnerability when handling TCP 'LanD' packets. This allows remote attackers to crash affected devices or temporarily block further network routing functionality, denying network services to legitimate users.
WikkaWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.