Jamroom is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Linksys WAP54Gv3 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into visiting a malicious site. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, and perform certain administrative actions.
The webConductor application is prone to an SQL-injection vulnerability due to insufficient sanitization of user-supplied data before using it in an SQL query. Exploiting this vulnerability can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mercury/32 <v4.01b (win32) remote exploit. The vulnerability is caused by Mercury/32 concatenating continuation data into a fixed sized buffer disregarding the length of the original command. This allows an attacker to trigger a stack-based buffer overflow without requiring authentication. The exploit takes advantage of a stack frame that calls end_thread before returning. There are at least two different ways to exploit this vulnerability: controlling a pointer into sprintf and/or controlling a pointer to be free().
IBM WebSphere ILOG JRules is vulnerable to a cross-site scripting (XSS) vulnerability. This vulnerability occurs due to the application's failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of cookie-based authentication credentials and other malicious activities.
The id Tech 4 Engine is vulnerable to a remote code execution vulnerability. An attacker can exploit this vulnerability to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Sigmer Technologies Scribe CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
osCmax fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and other attacks.
SaffaTunes CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.