ASPKnowledgeBase is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
DuPortalPro is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Horde IMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.Reports indicate this issue is only present when viewing IMP content with the Microsoft Internet Explorer Web browser.
This exploit allows remote attackers to include arbitrary files via a URL in the init_mysource.php script in MySource CMS v.2.16.2.
The Blog System is vulnerable to multiple SQL injection attacks. These vulnerabilities occur due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. An attacker can exploit these vulnerabilities by injecting malicious SQL code through the 'cat' parameter in the 'index.php' page.
Portal Solutions is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. This issue may be leveraged to read arbitrary files on an affected computer with the privileges of the Web server. An attacker can employ directory traversal sequences to disclose arbitrary files.
The Affiliate Manager PRO application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by injecting SQL code into the 'pid' parameter in the 'ViewPaymentLog' function of the 'functions.php' file. Successful exploitation could lead to unauthorized access, disclosure or modification of data, or exploitation of other vulnerabilities in the underlying database.
Portal Solutions is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
eDating Professional is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The eDating Professional application is prone to multiple SQL injection vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user-supplied input before using it in an SQL query. An attacker can exploit these vulnerabilities to compromise the application, disclose or modify data, or exploit vulnerabilities in the underlying database implementation.
Services By CQR