The DBImageGallery 1.2.2 script is vulnerable to remote file inclusion (RFI) attacks. By manipulating the 'donsimg_base_path' parameter in various PHP files, an attacker can include and execute arbitrary remote files, potentially leading to remote code execution.
The Joomla! 'com_marketplace' component is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Xforum is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Technology for Solutions website is vulnerable to cross-site scripting (XSS) attacks due to improper input sanitization. An attacker can exploit this vulnerability by injecting arbitrary script code into the browser of an unsuspecting user. This can lead to the theft of authentication credentials stored in cookies and enable further malicious activities.
Attackers can exploit cross-site scripting and HTML-injection issues to execute arbitrary script code in the browser of an unsuspecting user. This can lead to the theft of authentication credentials and other attacks. Additionally, the security-bypass weakness can be leveraged to bypass certain security restrictions.
Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.csv' file. Successful exploits will cause the application to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
The D-Link model routers (DIR-652, DIR-835, DIR-855L, DGL-5500, DHP-1565) suffer from vulnerabilities including clear text storage of passwords, cross-site scripting, and sensitive information disclosure. The clear text password vulnerability allows bypassing authentication and gaining access to the admin password stored in plain text. The cross-site scripting vulnerability occurs in the 'apply.cgi' file due to improper neutralization of user input. The sensitive information disclosure vulnerability allows an attacker to access sensitive information.
This exploit targets Connectix Boards version 0.7 and below, specifically the 'p_skin' module. It allows for privilege escalation or code execution. The exploit requires the URL, username, password, and type of exploit as parameters. Optional parameters include proxy settings and proxy authentication.
Zenoss is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Tribisur is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Services By CQR