
Explore Vulnerabilities

Explore all Exploits:

Cross-Site Scripting Vulnerability in Sterlite SAM300 AX Router

The Sterlite SAM300 AX Router is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

TYPO3 ‘t3m_cumulus_tagcloud’ Extension HTML Injection and Cross-Site Scripting Vulnerabilities

The TYPO3 't3m_cumulus_tagcloud' extension is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.

ThinkPHP Cross-Site Scripting Vulnerability

ThinkPHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

phpmyfaq <= 1.6.8 Remote Command Execution Exploit

This exploit allows an attacker to execute arbitrary commands on a vulnerable phpmyfaq version. The vulnerability exists in the attachment.php file, which does not properly sanitize user input before executing commands. By uploading a malicious PHP file and making a specific POST request to the attachment.php file, an attacker can execute arbitrary commands on the server. The exploit also includes a proxy option for anonymity.

ecoCMS Cross-Site Scripting Vulnerability

The ecoCMS web application is prone to a cross-site scripting vulnerability. This vulnerability occurs due to the application's failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site, which will then be executed in the context of unsuspecting users' browsers. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.

SamaGraph CMS SQL Injection Vulnerability

The SamaGraph CMS is prone to an SQL-injection vulnerability. This vulnerability occurs because the application does not sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability by injecting malicious SQL statements into the affected application, potentially allowing them to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Arbitrary File Upload Vulnerabilities in CH-CMS.ch

CH-CMS.ch is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Recent Exploits: