The Neuron News application is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and two cross-site scripting issues. These vulnerabilities exist because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Flyspray is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Black Sheep Web Software Form Tools is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The QUOTE&ORDERING SYSTEM 1.0 (ordernum) is vulnerable to SQL Injection and XSS attacks. These vulnerabilities allow an attacker to execute arbitrary SQL queries and inject malicious scripts into the application.
The vulnerability allows unauthorized users to read draft posts in WordPress before they have been published. An attacker can exploit this issue by accessing a specific URI.
The SQL injection vulnerability and session vulnerability in phpRPG allow unauthorized users to steal sessions, access or modify data, or exploit latent vulnerabilities in the underlying database.
phPay is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. The vulnerability resides in code that was intended to protect against file-include attacks. It was found that the protection routines may be bypassed on Windows installations. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
MKPortal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Multiple remote denial-of-service vulnerabilities occur when handling malformed SMTP commands in QK SMTP Server. An attacker can exploit these issues by sending specific commands to crash the affected application, resulting in a denial of service for legitimate users.
XOOPS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Services By CQR