The 'snif' program is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
J! Reactions is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Next Gen Portfolio Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The LANAI CMS is vulnerable to multiple SQL injection vulnerabilities due to inadequate sanitization of user-supplied data before using it in an SQL query. Exploiting these vulnerabilities can allow an attacker to compromise the application, access or modify data, or exploit other vulnerabilities in the underlying database.
Multiple SQL-injection vulnerabilities in LANAI CMS allow attackers to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Hunkaray Okul Portali is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Tour de France Pool for Joomla is vulnerable to a remote file-include vulnerability. The application fails to properly sanitize user-supplied input, allowing an attacker to include and execute arbitrary files remotely. Exploiting this vulnerability can lead to compromise of the application and the underlying system. Other attacks may also be possible.
The WebDirector application is vulnerable to a cross-site scripting (XSS) attack due to insufficient input sanitization. An attacker can exploit this vulnerability by injecting malicious code into the 'deslocal' parameter of the affected website's URL. When an unsuspecting user visits the manipulated URL, the injected code will be executed in their browser, allowing the attacker to perform various malicious actions such as stealing authentication credentials and launching further attacks.
BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
The WebEvent application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This allows the attacker to steal cookie-based authentication credentials and launch other attacks.
Services By CQR