Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.
The Exponent CMS application fails to properly sanitize user-supplied input, which can lead to multiple vulnerabilities. These vulnerabilities can be exploited to steal cookie-based authentication credentials, execute arbitrary script code, manipulate the rendering of the site, compromise the application, obtain sensitive information, and access or modify data.
Fully Moded PHPBB2 is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Remote attackers can crash applications that employ the vulnerable controls, potentially allowing code execution.
PHP-Nuke is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
The Wabbit Gallery Script is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Attackers can exploit this issue to bypass the authentication mechanism and then access or overwrite files with arbitrary PHP script code. Script code added to certain files are later included for execution, allowing the attacker to execute arbitrary PHP script code.
Actionpoll is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The News Manager Deluxe software is prone to a local file-include vulnerability due to a failure to properly sanitize user-supplied input. An attacker can exploit this issue to view files and execute local scripts.
Services By CQR