
Explore Vulnerabilities


Explore all Exploits:

ThWboard Multiple Input Validation Vulnerabilities

ThWboard is prone to multiple input validation vulnerabilities. The application is vulnerable to HTML injection, cross-site scripting, and SQL injection; these issues are due to a lack of proper sanitization of user-supplied input. A remote attacker may inject SQL, HTML and script code resulting in theft of cookie-based authentication credentials, arbitrary script code execution, and the passing of malicious input to the underlying database application.

VPN-1 SecureClient Policy Bypass Vulnerability

VPN-1 SecureClient is reported prone to a policy bypass vulnerability. This issue is due to a failure of the application to securely implement remote administrator-provided policies on affected computers. This issue allows remote VPN users to bypass the administratively-defined security policies. Specific issues arising from this vulnerability depend on the intended policies defined by administrators. Some examples of the consequences are: unauthorized computers may connect, scripts may not execute, or insecure network configurations may be possible.

BIOS Keyboard Buffer Preboot Authentication Password Disclosure

Multiple vendors fail to clear the BIOS (Basic Input-Output System) keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running on affected computers, the memory region may or may not be available for user-level access. With Linux operating systems, superuser access is required. With Microsoft Windows operating systems, nonprivileged users may access the keyboard buffer region. Attackers who obtain the password used for preboot authentication may then use it for further attacks.

Cars Portal SQL Injection Vulnerabilities

Cars Portal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

PluggedOut Blog SQL Injection Vulnerabilities

PluggedOut Blog is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

DoceboLMS Directory Traversal Vulnerability

DoceboLMS is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the Web server process. Information obtained may aid in further attacks; other attacks are also possible.

Multiple SQL Injection Vulnerabilities in A-FAQ

A-FAQ is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

A-FAQ SQL Injection Vulnerability

A-FAQ is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Cross-Site Scripting Vulnerability in rwAuction Pro

The 'rwAuction Pro' application is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

NetAuctionHelp Multiple Cross-Site Scripting Vulnerabilities

The NetAuctionHelp application is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities exist due to a lack of proper input sanitization. An attacker can exploit these vulnerabilities by injecting arbitrary script code into certain parameters, which will be executed in the context of the affected site. This can lead to the theft of authentication credentials and other malicious activities.

Recent Exploits: