Perl-Cal is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
CF_Nuke is prone to multiple cross-site scripting vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These issues may facilitate the theft of cookie-based authentication credentials as well as other attacks.
CF_Nuke is prone to a local file include vulnerability. This is due to a lack of sanitization of user-supplied input. The issue may facilitate the unauthorized viewing of files and unauthorized execution of local ColdFusion code. Note that successful exploitation requires that "Sandbox Security" is not enabled for the directory.
The vulnerabilities in CFMagic Products allow an attacker to inject malicious SQL code into database queries and conduct cross-site scripting attacks.
The CFMagic Products are prone to multiple input validation vulnerabilities. These vulnerabilities allow an attacker to inject malicious SQL code into database queries and conduct cross-site scripting attacks.
The CFMagic Products are prone to multiple input validation vulnerabilities. These vulnerabilities allow an attacker to inject malicious SQL code into database queries and conduct cross-site scripting attacks. An attacker can exploit these vulnerabilities by sending specially crafted input to the affected application.
Remote attackers can gain control of a target TrueMobile 2300 device running firmware versions 3.0.0.8 and 5.1.1.6. The vulnerability is in an administrative component accessed through the web-based control interface. Unauthenticated attackers can reset the administrative credentials without authorization, allowing them to log in and perform malicious actions that could compromise the entire LAN behind the device.
ASPMForum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The DRZES HMS application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this by injecting arbitrary script code into the browser of a user visiting a specially crafted URL. This can result in the execution of malicious scripts in the context of the affected site, potentially leading to the theft of authentication credentials and other attacks.
ThWboard is prone to multiple input validation vulnerabilities. The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of user-supplied input. A remote attacker may inject SQL, HTML and script code resulting in theft of cookie-based authentication credentials, arbitrary script code execution, and the passing of malicious input to the underlying database application.