The Tour de France Pool for Joomla is vulnerable to a remote file-include vulnerability. The application fails to properly sanitize user-supplied input, allowing an attacker to include and execute arbitrary files remotely. Exploiting this vulnerability can lead to compromise of the application and the underlying system. Other attacks may also be possible.
The WebDirector application is vulnerable to a cross-site scripting (XSS) attack due to insufficient input sanitization. An attacker can exploit this vulnerability by injecting malicious code into the 'deslocal' parameter of the affected website's URL. When an unsuspecting user visits the manipulated URL, the injected code will be executed in their browser, allowing the attacker to perform various malicious actions such as stealing authentication credentials and launching further attacks.
BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
The WebEvent application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This allows the attacker to steal cookie-based authentication credentials and launch other attacks.
The vulnerability allows JavaScript to execute with unintended privileges. A malicious site can cause the execution of a script with Chrome privileges, allowing attackers to execute hostile script code with privileges that exceed those intended. This issue affects Mozilla Firefox, Thunderbird, and SeaMonkey. Proof of concept code is available.
The Aplomb Poll application fails to properly sanitize user-supplied input, leading to multiple remote file-include vulnerabilities. An attacker can exploit these vulnerabilities to include a remote file containing malicious PHP code and execute it in the context of the webserver process. This can result in a compromise of the application and the underlying system, allowing for various other attacks as well.
The Aplomb Poll application is prone to multiple remote file-include vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to include a remote file containing malicious PHP code and execute it in the context of the webserver process. This can lead to compromise of the application and the underlying system, as well as other possible attacks.
Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.