RuubikCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
GetSimple CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The HTML-injection vulnerability in razorCMS allows attacker-supplied HTML or JavaScript code to run in the context of the affected site. This can potentially lead to the theft of cookie-based authentication credentials and control over how the site is rendered to the user.
This PHP script demonstrates a crash exploit using the wddx_deserialize() function. By passing a specially crafted XML payload to the function, it causes a buffer overflow and crashes the script.
OpenForum is prone to a vulnerability that may allow remote attackers to create arbitrary files on a vulnerable system. Successful exploits will allow an attacker to create arbitrary files, which may then be executed to perform unauthorized actions. This may aid in further attacks.
The cyberhost application is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Cisco DPC2100 modem is prone to multiple security-bypass and cross-site request-forgery vulnerabilities. Successful exploits may allow attackers to run privileged commands, change configuration settings, modify device firmware, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.
Attackers can exploit this issue to compromise the affected application, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
The gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This exploit allows an attacker to retrieve the username and password from the RPS 6.2 system using SQL injection.
Services By CQR