The Claroline application is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute local script code in the context of the application, access sensitive data, execute arbitrary code in the context of the webserver, steal cookie-based authentication credentials, and launch further attacks. The vulnerability can be exploited by accessing the following URL: http://www.example.com/inc/lib/languages.lib.php?language=../../[file]
MKPortal is prone to an authentication-bypass vulnerability because it fails to restrict access to certain administrative functions. Attackers can exploit this issue to gain unauthorized access to the application.
Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Absolute Poll Manager XE is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
Doomsday Engine is prone to multiple remote vulnerabilities, including multiple buffer-overflow issues, a denial-of-service issue, a format-string issue, and an integer-overflow issue. An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
Authenticated attackers can exploit this issue to cause denial-of-service conditions. Remote code execution may also be possible, but this has not been confirmed.
Multiple input-validation vulnerabilities in Cisco Unified CallManager and Unified Communications Manager allow attackers to steal authentication credentials, execute malicious script code, compromise the application, access or modify data, or exploit underlying database vulnerabilities.
StarCraft Brood War is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
ACG News is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.