Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors. An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.
The F5 Networks FirePass 4100 SSL VPN devices are vulnerable to a cross-site scripting (XSS) attack due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other malicious activities.
An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Reports indicate that code execution is not possible, but this has not been confirmed.
Ossigeno CMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Ossigeno CMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Ossigeno CMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The 'bcoos' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues. These vulnerabilities occur because the program fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The 'bcoos' program fails to sufficiently sanitize user-supplied data, leading to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Attackers can exploit these issues to access valid usernames in the Plumtree portal as well as the server hostname, build date, and server version. Information harvested can aid in further attacks.
p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Services By CQR