The vulnerability exists due to the insufficient sanitization of user-supplied input in SAP BusinessObjects. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks.
The vulnerability allows an attacker to view sensitive MySQL data by accessing the 'browser.php' file in the 'inc/filebrowser' directory. By specifying the 'file' parameter as 'inc/mysql.php', the attacker can retrieve the contents of the MySQL configuration file.
The HP System Management Homepage, also known as Systems Insight Manager, is prone to a cross-site scripting vulnerability. An attacker can exploit this vulnerability by injecting arbitrary script code in the browser of an unsuspecting user visiting the affected site. This can be used to steal cookie-based authentication credentials.
The MiFi 2352 access point firmware 11.47.17 is prone to an information-disclosure vulnerability that may expose sensitive information. Successful exploits will allow authenticated attackers to obtain passwords, which may aid in further attacks. The vulnerability is caused by the disclosure of sensitive information through certain URIs.
The Cisco Secure Desktop application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The 3D Cloud component for Joomla! is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks.
Attackers can exploit this vulnerability in Google Chrome to obtain potentially sensitive information that may lead to further attacks. The vulnerability involves the execution of arbitrary JavaScript code through the use of a crafted web page.
OpenX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Sun Java System Web Server is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input. The issue affects the WebDAV functionality. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Services By CQR